Subject: re: localhost security hole
To: matthew green <email@example.com>
From: Todd Vierling <firstname.lastname@example.org>
Date: 06/29/2003 00:59:24
On Sun, 29 Jun 2003, matthew green wrote:
: : that doesn't matter. that will only be looked for if "localhost" by
: : itself is not found.
: ...and even that case can be cared for by using "root@localhost." (note
: trailing dot, which tells the resolver that search domains must not be
: except that the address "root@localhost." is invalid.
s/is invalid/may require adding "localhost." to the local-host-names list/
I haven't functionally tried this yet. It's supposed to be valid per RFC
address resolution rules, if assuming (as this thread does) that the *fully
qualified* domain name "localhost" resolves to 127.0.0.1.
-- Todd Vierling <email@example.com>