Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!cs.utexas.edu!uunet!paralogics!shaw From: shaw@paralogics.UUCP (Guy Shaw) Newsgroups: comp.sources.d Subject: Re: Somebody invoked uucico -x9 to osu-cis... Summary: It wasn't me, but it could have been. Message-ID: <248@paralogics.UUCP> Date: 9 Sep 89 18:56:56 GMT References: Organization: Paralogics; Santa Monica, CA Lines: 65 In article , karl@kant.cis.ohio-state.edu (Karl Kleinpaste) writes: > And then someone out there had the unmatched _gall_ to request the > whole of GNU Emacs source with uucico running -x9. > > For those of you not familiar, the -x option to uucico invokes > debugging. It tells uucico to babble incessantly about what it's > doing. Higher digits means more verbose levels of debugging. The max > is -x9, which is a packet-level trace of uucico's activity. This > usually means that more data gets dumped about what's being > transferred than actually gets transferred down the port. Most > importantly, invoking -x9 at YOUR end also puts MY end into -x9, > dumping to /usr/spool/uucp/.Admin/audit. > DON'T DO THAT. It's in extremely bad taste. If you must, use -x9 I didn't do that, but I could have. The only reason I wouldn't have used -x9 is because *I* wouldn't want to see all that much prattle about something the size of GNU Emacs on *MY* system, not because I suspected that I could affect your system with my -x option. I sure didn't know that -x causes the remote system to do debugging, as well. I have sympathy for whoever did that, and I am not an overly sympathetic person. I poured over all the great documentation I have on UUCP, and I couldn't find anything about that. Of course, the documentation for UUCP was one the things that inspired the F in RTFM. I don't have an ".Admin" directory. I would guess you are using HDB UUCP. Sorry to be such a pleb; all I have is a Sun machine. I looked in the Nutshell manuals on UUCP, which supposedly cover HDB, as well as old UUCP, but they don't say anything about -x's effect on remote machines, nor do they mention .Admin. Is this behavior of UUCP new to HDB, or has been in OLD UUCP all along? If an old UUCP talks to your machine with -x, will your UUCP turn on debugging? I am glad you posted this article. I will add it to my much needed supplemental documentation on UUCP. > Summary: ...and I think I want to kill him. I think your hit list should be a bit more comprehensive. :-) In article <609@ccssrv.UUCP>, perry@ccssrv.UUCP (Perry Hutchison) writes: > By way of preventing such incidents in the future, it sounds to me like > uucico could be patched such that setting -x does _not_ automagically put > the _remote_ end into -x mode. I think this is your only hope. Posting an article telling people what the consequences are will help some. But I don't think you can overcome this problem with an education campaign. Besides, there is something not quite right about a system that behaves that way. Even if it were well documented, I think it is a mistake. If you ever have need for allowing remote control -x mode, demand that someone ask for it, with a separate option. I think the principle, "if you want it, you must ask for it", should apply to a feature like that. The book, "The Psychology of Everyday Things", by Donald A. Norman, comes to mind. (diverting all power to flame shields) -- Guy Shaw Paralogics paralogics!shaw@uunet.uu.net or uunet!paralogics!shaw