Gabor Gombas <firstname.lastname@example.org> writes:
> Hmm, how would INN react if it sees a "normal-looking" name (like
> foo.bar.com) that in turn resolves to 127.0.0.1? It's been a long time
> since I last run a news server and I used Diablo instead of INN so I'm
> not familiar with INN's internals. But it seems INN is relying on a
> broken heuristics...
INN applies the following heuristic to determine the Path header and the
hostname for the message ID if not otherwise configured:
* Obtain the system host name with gethostname().
* Look up an IP address for that host with gethostbyname().
* Look up the names associated with that address with gethostbyaddr().
* Walk the alias list of the result and find the first name containing
A simple line of:
127.0.0.1 localhost localhost.localdomain
by itself doesn't cause problems. It does, however, make it much easier
for a common misconfiguration to result. That misconfiguration happens
when users put the unqualified local hostname on the 127.0.0.1 line (a
configuration that follows an old mistaken but common Unix practice,
putting the unqualified hostname on every line of /etc/hosts). Then, the
above algorithm ends up returning localhost.localdomain rather than the
actual system hostname if the standard practice of listing 127.0.0.1 first
A user misconfiguration is needed *on top of* localhost.localdomain for
this to be a problem, but that misconfiguration is not uncommon and (most
tellingly) having localhost.localdomain there solves *no* actual
real-world problems. It's just a time bomb.
You can see from the above that if the user puts their complete hostname
on 127.0.0.1, INN does just fine *provided* that localhost.localdomain
isn't listed before it. It also does fine if the user explicitly
configures this part of INN, but as with most software, it's best to
figure out reasonable defaults where possible. This code has worked
reasonably well for 13 years, except on systems with localhost.localdomain
and this misconfiguration.
We could special-case localhost.localdomain, but why? What purpose does
it serve to have that name in /etc/hosts?
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>