Subject: Re: localhost security hole
To: Andrew Brown <firstname.lastname@example.org>
From: David Porowski <email@example.com>
Date: 06/29/2003 01:32:14
Andrew Brown wrote:
> >Sorry to be a "butinski", but I feel compelled to reply
> >to this thread. As a user who is frequently "untethered",
> >(laptop) and also security conscience, I would consider the
> >following points:
> >1) never run sendmail as a daemon
> you have no choice now (unless you set sendmail back to suid root),
> but you can tell it (as you always could) only to listen on the
> loopback interface.
Merely illustrates that I have not used sendmail for
some time, hence my "plug" for qmail. I will have to
take a closer look at postfix, though.
> >2) never run sendmail as suid root
> it doesn't now.
Quite glad to know that. I have admired the movement
away from suid root for programs out of numerous security
> >3) always configure nsswitch as: hosts: files dns
> that's the default setting.
As it should be. The other way around (dns / files)
presumes that DNS is always correct.
> >4) always chmod /etc/hosts as 0666
> i shall assume you mean 0444 here.
Absolutely. (The "devil" made me quote "666".)
> >5) always use 127.0.0.1 localhost.domain localhost
> actually, i'd recommend "127.0.0.1 localhost localhost.domain" so that
> you can look up localhost.domain (using gethostbyname()), but the
> canonical name for it will be returned as localhost.
Interesting. I guess I have always preferred the FQDN
as canonical, but that could be useful.
> >IMHO, root mail should, by default, only go to the
> >local machine. Any management changes for network
> >mail collection can always be scp pushed to these
> >machines. DNS can be spoofed, and your first line
> >of defense is what you have the closest control of.
> if you're going to have your root mail go to another machine, one
> would assume you have taken some steps to be reasonably sure it gets
You are correct. The only point that I was trying to make
is that for a default installation and configuration, that
local security should take higher precedence over ease of
establishing a root mail server (or a log server).
> |-----< "CODE WARRIOR" >-----|
> firstname.lastname@example.org * "ah! i see you have the internet
> email@example.com (Andrew Brown) that goes *ping*!"
> firstname.lastname@example.org * "information is power -- share the wealth."