Date: Mon, 1 Oct 2001 11:53:17 -0700 From: Joe Kelsey <joe@zircon.seattle.wa.us> To: current@FreeBSD.ORG Subject: Re: uucp user shell and home directory Message-ID: <15288.48029.798593.908820@zircon.zircon.seattle.wa.us> In-Reply-To: <200110011826.f91IQk8f015078@atg.aciworldwide.com> References: <wollman@khavrinen.lcs.mit.edu> <200110011800.f91I0u053253@khavrinen.lcs.mit.edu> <200110011826.f91IQk8f015078@atg.aciworldwide.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Lyndon Nerenberg writes: > >>>>> "Garrett" == Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes: > > Garrett> I remember, back in the mists of ancient time, it was > Garrett> common practice to provide ``anonymous UUCP'' service > Garrett> along the lines of anonymous FTP in (what was at that > Garrett> time) ARPANET. > > Yup, I used to run one of those (ncc). osu-cis was probably the > grandaddy of the anonymous UUCP sites. The convention seemed to be to > use the login 'nuucp' for anonymous passwordless access. (And I > wouldn't call it common -- there were only a handful sites that > provided this type of service.) The convention was to use ``uucp'' as the default anonymous login service. Some people had the mistaken impression that there was some sort of "hole" in the uucp system which was caused by using uucp as a default login for uucp service. No such hole existed in modern uucico processes, although there were bugs in early uucico (7th Edition vintage) which may be the reason that these rumors started. Of course, it didn't hurt the spread of these rumors that most BSD sites were stuck in the 7th Edition heritage and never actually caught up to the modern HoneyDanBer uucp. With the HoneyDanBer uucp, there were no security holes in uucico and it was completely safe to use uucp as an anonymous login service. However, most university sites mistakenly perpetuated the nuucp service, mostly for administrative reasons. That said, for max security it is always useful to have each site have its own login, up to a point. Some large uucp sites used to use common logins simply because there was so little security risk (especially with HoneyDanBer variety). Certainly, anonymous uucp is more secure than anonymous ftp. /Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15288.48029.798593.908820>