Subject: Re: localhost security hole
To: Andrew Brown <>
From: David Porowski <>
List: tech-security
Date: 06/29/2003 01:32:14

Andrew Brown wrote:

> >Sorry to be a "butinski", but I feel compelled to reply
> >to this thread.  As a user who is frequently "untethered",
> >(laptop) and also security conscious, I would consider the
> >following points:
> >
> >1)  never run sendmail as a daemon
> you have no choice now (unless you set sendmail back to suid root),
> but you can tell it (as you always could) only to listen on the
> loopback interface.

Merely illustrates that I have not used sendmail for
some time, hence my "plug" for qmail.  I will have to
take a closer look at postfix, though.

> >2)  never run sendmail as suid root
> it doesn't now.

Quite glad to know that.  I have admired the movement
away from suid root for programs out of numerous security

> >3)  always configure nsswitch as: hosts: files dns
> that's the default setting.

As it should be.  The other way around (dns / files)
presumes that DNS is always correct.

> >4)  always chmod /etc/hosts as 0666
> i shall assume you mean 0444 here.

Absolutely.  (The "devil" made me quote "666".)

> >5)  always use localhost.domain localhost
> actually, i'd recommend " localhost localhost.domain" so that
> you can look up localhost.domain (using gethostbyname()), but the
> canonical name for it will be returned as localhost.

Interesting.  I guess I have always preferred the FQDN
as canonical, but that could be useful.

> >IMHO, root mail should, by default, only go to the
> >local machine.  Any management changes for network
> >mail collection can always be scp pushed to these
> >machines.  DNS can be spoofed, and your first line
> >of defense is what you have the closest control of.
> if you're going to have your root mail go to another machine, one
> would assume you have taken some steps to be reasonably sure it gets
> there.

You are correct.  The only point that I was trying to make
is that for a default installation and configuration,
local security should take higher precedence over ease of
establishing a root mail server (or a log server).

> --
> |-----< "CODE WARRIOR" >-----|
>             * "ah!  i see you have the internet
> (Andrew Brown)                that goes *ping*!"
>       * "information is power -- share the wealth."
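
The resolver-related points 3 to 5 from the exchange above, written as an audit script. This is an added example, not part of the original message: the function names, the sample files, the address 127.0.0.1 and the domain localhost.example.org are assumptions made for illustration.

```shell
#!/bin/sh
# Audit copies of nsswitch.conf and hosts against points 3-5 of the thread.

# True if "files" precedes "dns" (or dns is absent) on the hosts: line.
nsswitch_files_first() {
    awk '/^[ \t]*hosts:/ {
             sub(/#.*/, ""); found = 1
             for (i = 2; i <= NF; i++) {
                 if ($i == "files" && !f) f = i
                 if ($i == "dns" && !d) d = i
             }
         }
         END { exit !(found && f && (!d || f < d)) }' "$1"
}

# True if the file mode is exactly 0444, the mode agreed on in the thread.
hosts_mode_ok() {
    [ -n "$(find "$1" -prune -perm 444)" ]
}

# Prints the canonical (first) name of every entry that lists "localhost".
localhost_canonical() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++)
                       if ($i == "localhost") { print $2; next } }' "$1"
}

# Prints one PASS/FAIL line per check; returns the number of failures.
audit_resolver() {
    fails=0
    if nsswitch_files_first "$1"; then echo "PASS hosts: files before dns"
    else echo "FAIL hosts: files not before dns"; fails=$((fails + 1)); fi
    if hosts_mode_ok "$2"; then echo "PASS hosts file mode 0444"
    else echo "FAIL hosts file mode is not 0444"; fails=$((fails + 1)); fi
    # sort -u: an IPv4 and an IPv6 entry may both list localhost.
    if [ "$(localhost_canonical "$2" | sort -u)" = "localhost" ]; then
        echo "PASS canonical name is localhost"
    else echo "FAIL canonical name is not localhost"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files (not from the thread), one good and one bad pair.
demo_dir=$(mktemp -d)
printf 'passwd: files\nhosts: dns files   # wrong order\n' > "$demo_dir/nsswitch.bad"
printf 'hosts: files dns\n' > "$demo_dir/nsswitch.good"
printf '127.0.0.1 localhost localhost.example.org\n' > "$demo_dir/hosts.good"
printf '127.0.0.1 localhost.example.org localhost\n' > "$demo_dir/hosts.bad"
chmod 444 "$demo_dir/hosts.good"; chmod 666 "$demo_dir/hosts.bad"
audit_resolver "$demo_dir/nsswitch.good" "$demo_dir/hosts.good" || echo "failures: $?"
audit_resolver "$demo_dir/nsswitch.bad" "$demo_dir/hosts.bad" || echo "failures: $?"
```

To audit a live system, call `audit_resolver /etc/nsswitch.conf /etc/hosts` in place of the two sample runs.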