Path: utzoo!utgpu!watserv1!watmath!att!bellcore!rutgers!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!snorkelwacker!spdcc!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <405@minya.UUCP>
Date: 12 Jun 90 03:46:59 GMT
References: <392@minya.UUCP> <1990Jun8.134620.24070@cs.rochester.edu>
Lines: 43

In article <1990Jun8.134620.24070@cs.rochester.edu>, bukys@cs.rochester.edu (Liudvikas Bukys) writes:
> In article <392@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
> >The obvious counter-example to this is /usr/spool/uucppublic, which
> >is almost always world-writable, yet there seem to be no reports of
> >even minor problems with this.  It's usually considered a useful
> >part of uucp, and an assortment of tools around (uuto/uupick for
> >example) are layered on top of it.
>
> 1. Here's one "minor problem" report:  I have heard that .rhosts
> files have been uucped into ~uucp.  Think about it.

Yeah; I've often wondered about the practice of making ~uucp be
/usr/lib/uucppublic, and this is just one of the reasons why this
isn't a good idea.  Even if you aren't on the internet, consider
uucping something into ~uucp/.profile, ~uucp/.cshrc, etc.

The most basic uucp security says that you only allow the world to
write to /usr/lib/uucppublic, which is nobody's home directory.  (Of
course, since Sun started selling systems on which "nobody" is a
valid login, this rule should perhaps be rephrased... :-)

Trusted users might be allowed access to other directories, such as
their own home directories.  But for your own sanity, you should try
to prevent the copying of files (especially accidentally) into uucp's
home directory.  Security aside, correcting the problems when someone
duplicates a filename there can be really crazy.

This isn't unique to uucp, of course.  I've seen several cases of
people building email systems with an administrative pseudo-user,
whose home directory was the mail spool directory.  It seems like a
good idea until a higher-level package uses a file-name convention
that produces a name that matches one of the control (or source ;-)
files.  This can be surprisingly difficult to avoid, considering that
packages typically come from several sources.  "What do you mean, you
set up `Systems' and `Dialers' accounts right after we merged
/usr/spool/mail with /usr/lib/uucp?"

It's a good idea to separate home directories from working
directories, if you want to get it all working.

-- 
Uucp: ...!{harvard.edu,ima.com,mit-eddie.edu}!minya!jc (John Chambers)
Home: 1-617-484-6393 Work: 1-508-952-3274
Cute-Saying: It's never too late to have a happy childhood.
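
An added example, not part of the original post: a small audit that reads passwd(5)-format text and reports accounts whose home directory is world-writable, or that contains a .rhosts, .profile or .cshrc the account does not own. The function names, the `root` parameter and the sample account are assumptions of this example.

```python
import os
import stat
import tempfile

# Files that grant logins or run at login; the three named in the post.
CONTROL_FILES = (".rhosts", ".profile", ".cshrc")

def parse_passwd(text):
    """Yield (user, uid, home) from passwd(5)-format text."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            yield fields[0], int(fields[2]), fields[5]

def audit_homes(passwd_text, root="/"):
    """Return (user, home, problem) tuples for risky home directories.

    root is prepended to every home path so the audit can run against a
    mounted image or a test tree (a convenience assumed by this example).
    """
    findings = []
    for user, uid, home in parse_passwd(passwd_text):
        path = os.path.join(root, home.lstrip("/"))
        try:
            mode = os.stat(path).st_mode
        except OSError:
            continue  # home directory missing: nothing to inspect
        if not stat.S_ISDIR(mode):
            continue
        if mode & stat.S_IWOTH:
            findings.append((user, home, "world-writable home"))
        for name in CONTROL_FILES:
            try:
                owner = os.lstat(os.path.join(path, name)).st_uid
            except OSError:
                continue  # control file absent
            if owner != uid:
                findings.append((user, home, f"{name} not owned by {user}"))
    return findings

if __name__ == "__main__":
    # Constructed sample: uucp's home is the public spool directory.
    root = tempfile.mkdtemp()
    home = os.path.join(root, "usr/spool/uucppublic")
    os.makedirs(home)
    os.chmod(home, 0o777)
    open(os.path.join(home, ".rhosts"), "w").close()
    sample = f"uucp:x:{os.getuid() + 1}:5:uucp:/usr/spool/uucppublic:/bin/sh"
    for finding in audit_homes(sample, root):
        print(*finding, sep="\t")
```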