UNIXPC uucp problem
James Van Artsdalen
james at bigtex.uucp
Sat Jul 16 14:21:26 AEST 1988
IN article <1988Jul4.173733.7088 at ziebmef.uucp>, cks at ziebmef.UUCP (Chris Siebenmann) wrote:
> Actually, all uucp dialins have to share the same UID as 'uucp'. If
uucico should be suid to the uucp user. uucico doesn't care what the
real uid is. It does use the login name to reference the Permissions
file (assuming we're talking HDB uucp).
> In hindsight, this makes sense; it means that people can't just
> invoke uucico from their own accounts and pretend to be some random
> machine. Instead you somehow have to set your uid to the 'uucp' UID.
> Could have been worse, I suppose; they could have hardcoded the uucp
Actually, I understand that the uucp uid is indeed a configurable
constant in the uucp package. I can't imagine what it's used for
though: if someone forgets to make uucico suid, that will be obvious
soon enough, and file read/write permissions are based on the
Permissions file and whether or not the file is readable/writable by
"other".
The security measures to prevent someone from spoofing uucp this way
revolve around the use of the Permissions file and the VALIDATE
keyword (if you don't use VALIDATE, do so).
When uucico is started in master mode, the transfer permissions are
granted based on the machine name. But when uucico is started in
slave mode (as it would be if a user ran it), permissions are granted
based on the login name, *not* the machine name. This is why VALIDATE
is so important. Note that uucico takes the login name from /etc/utmp
to prevent spoofing (or at least it should).
--
James R. Van Artsdalen ...!ut-sally!utastro!bigtex!james "Live Free or Die"
Home: 512-346-2444 Work: 328-0282; 110 Wild Basin Rd. Ste #230, Austin TX 78746
More information about the Unix-pc.general
mailing list