From owner-freebsd-current Mon Oct 1 12:25:16 2001 Delivered-To: freebsd-current@freebsd.org Received: from atg.aciworldwide.com (h139-142-180-4.gtcust.grouptelecom.net [139.142.180.4]) by hub.freebsd.org (Postfix) with ESMTP id 80EC337B401 for ; Mon, 1 Oct 2001 12:25:13 -0700 (PDT) Received: from atg.aciworldwide.com (atg.aciworldwide.com [139.142.180.33]) by atg.aciworldwide.com (8.12.0/8.12.0) with ESMTP id f91JPC8f015412; Mon, 1 Oct 2001 13:25:12 -0600 (MDT) Message-Id: <200110011925.f91JPC8f015412@atg.aciworldwide.com> Organization: ACI Worldwide - Advanced Technology Group X-URL: http://www.aciworldwide.com/ To: Joe Kelsey Cc: current@FreeBSD.ORG Subject: Re: uucp user shell and home directory In-Reply-To: Message from Joe Kelsey of "Mon, 01 Oct 2001 11:53:17 PDT." <15288.48029.798593.908820@zircon.zircon.seattle.wa.us> Date: Mon, 01 Oct 2001 13:25:12 -0600 From: Lyndon Nerenberg Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > The convention was to use ``uucp'' as the default anonymous login > service. I think we're talking about two different things. Yes, many UNIX distributions shipped with a passwordless 'uucp' account with uucico as the shell. My comments about the 'nuucp' convention were referring to the publically visible anonymous UUCP sites. > Some people had the mistaken impression that there was some > sort of "hole" in the uucp system which was caused by using uucp as a > default login for uucp service. No such hole existed in modern uucico > processes, although there were bugs in early uucico (7th Edition > vintage) which may be the reason that these rumors started. I think much of this was related to the System V (R0 and R1) getty/login environment, where you could pass in arbitrary environment variables along with the login id. If your machine was poorly configured this could be used to bypass restricted shell environments. I can see where uucico shells could get lumped in with the rsh (the shell, not the network utility) environment bugs. Early uucico's were definately buggy, however I don't recall these bugs ever being exploited to compromise security. (Well, you could do DOS attacks by getting the remote uucico to drop core, leaving a LCK..site file lying around. SCO's uucico could be made to do this just by making faces at it.) > With the HoneyDanBer uucp, there were no > security holes in uucico and it was completely safe to use uucp as an > anonymous login service. I wouldn't be that absolute. No security holes were ever demonstrated, which isn't the same as saying they weren't there. (Did anyone ever breach ihnp4?) > That said, for max security it is always useful to have each site have > its own login, up to a point. Some large uucp sites used to use common > logins simply because there was so little security risk (especially with > HoneyDanBer variety). Unique logins provided fine-grained policy control. If site foo started doing bad things (deliberately or by accident) you want to be able to knock it down without taking out other functioning sites. HDB's ability to require a particular UUCP node to connect only with a specific login id was a very nice feature. (Or was it Taylor that introduced that? My memory is getting a wee bit fuzzy.) > Certainly, anonymous uucp is more secure than > anonymous ftp. For the server. The client side of the copy could definately use some work. --lyndon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message