Date: Fri, 30 May 1997 18:16:45 -0700 (MST)
From: Don Yuniskis <dgy@rtd.com>
To: joerg_wunsch@uriah.heep.sax.de
Cc: hackers@FreeBSD.ORG
Subject: Re: uucp uid's
Message-ID: <199705310116.SAA23468@seagull.rtd.com>
In-Reply-To: <19970531020825.GN62992@uriah.heep.sax.de> from "J Wunsch" at May 31, 97 02:08:25 am

It seems that J Wunsch said:
> As Don Yuniskis wrote:
>
> > If each UUCP dialup account has a unique login and that is compromised, you
> > can tell exactly where the problem originated, can disable that *single*
> > account ...
>
> But that doesn't require distinct UIDs.

How? Since *any* UUCP account can masquerade as another "system" and
they all appear in your uucp and wtmp logs as "nuucp" (or whatever
*single* uid you have them using), how do you determine which account
is being used to send spam, etc.

> (Forging UUCP mail is about as easy as forging SMTP mail, except for
> the latter, you never need a password at all.)

Yes. But how do you chase down "undesired" UUCP activity if you can't
at least determine which *possible* UUCP dialin was being used? There
are other mechanisms that you can employ to cut down on SMTP abuses
(i.e. refusing to act as a relay for mail, verifying the identity of
the host, etc.) but UUCP has very few defenses -- why discard one
that's as easy to implement as simply adding a line to /etc/passwd?

--don
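
An audit for the situation debated above, added here as an example and not part of the original message or of FreeBSD: it lists UUCP dial-in logins in a passwd(5)-format file that share one UID. The sample entries, the login names and the assumption that dial-in accounts are the ones whose shell is named `uucico` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in 7-field passwd(5) format; logins, UIDs and paths are made up.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
nuucp:*:66:66:shared dial-in:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Ualpha:*:6001:66:site alpha dial-in:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Ubeta:*:6002:66:site beta dial-in:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Ugamma:*:6002:66:site gamma dial-in:/var/spool/uucppublic:/usr/libexec/uucp/uucico
# comment line
broken:line
"""


def uucp_logins(passwd_text, shell_name="uucico"):
    """Yield (login, uid) for entries whose login shell is the UUCP daemon."""
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        if fields[6].rsplit("/", 1)[-1] == shell_name:
            yield fields[0], int(fields[2])


def shared_uids(passwd_text):
    """Map each UID used by more than one UUCP login to those logins, in file order."""
    by_uid = defaultdict(list)
    for login, uid in uucp_logins(passwd_text):
        by_uid[uid].append(login)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def report(passwd_text):
    """One line per shared UID, naming the login that UID-keyed lookups return."""
    lines = []
    for uid, names in sorted(shared_uids(passwd_text).items()):
        # A UID-to-name lookup on a flat passwd file returns the first match,
        # so file ownership and accounting for this UID all show names[0].
        lines.append(f"uid {uid}: {', '.join(names)} -> all attributed to {names[0]!r}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PASSWD)) or "every UUCP login has its own UID")
```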