Subject: Re: localhost security hole
To: David Porowski <>
From: Andrew Brown <>
List: tech-security
Date: 06/28/2003 23:58:44
>Sorry to be a "butinski", but I feel compelled to reply
>to this thread.  As a user who is frequently "untethered",
>(laptop) and also security conscience, I would consider the
>following points:
>1)  never run sendmail as a daemon

you have no choice now (unless you set sendmail back to suid root),
but you can tell it (as you always could) only to listen on the
loopback interface.

>2)  never run sendmail as suid root

it doesn't now.

>3)  always configure nsswitch as: hosts: files dns

that's the default setting.

>4)  always chmod /etc/hosts as 0666

i shall assume you mean 0444 here.

>5)  always use localhost.domain localhost

actually, i'd recommend " localhost localhost.domain" so that
you can look up localhost.domain (using gethostbyname()), but the
canonical name for it will be returned as localhost.

>IMHO, root mail should, by default, only go to the
>local machine.  Any management changes for network
>mail collection can always be scp pushed to these
>machines.  DNS can be spoofed, and your first line
>of defense is what you have the closest control of.

if you're going to have your root mail go to another machine, one
would assume you have taken some steps to be reasonably sure it gets

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."