Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!julius.cs.uiuc.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert From: rickert@mp.cs.niu.edu (Neil Rickert) Newsgroups: comp.mail.misc Subject: Re: UUPC nuking command.com? (was Re: UUPC 1.08a available) Message-ID: <1990Sep11.175955.16327@mp.cs.niu.edu> Date: 11 Sep 90 17:59:55 GMT References: <1990Sep11.115623.6091@mp.cs.niu.edu> <1990Sep11.164626.10348@news.clarkson.edu> <8158@helios.TAMU.EDU> Organization: Northern Illinois University Lines: 56 In article <8158@helios.TAMU.EDU> billg@cs.tamu.edu (William Gunshannon) writes: >In article <1990Sep11.164626.10348@news.clarkson.edu> help@kendra.kew.com (Drew Derbyshire - UUPC/extended Help Desk) writes: >>From article <1990Sep11.115623.6091@mp.cs.niu.edu>, by rickert@mp.cs.niu.edu (Neil Rickert): >>> One question: Some earlier versions of UUPC allowed you to do wonderful >>> things such as >>> uucp myfile pcnode!/command.com >>> Mail pcnode!/command.com >> >>Hmmm ... interesting question. The answer to the question may be yes; >>if it is, this is the last release of UUCP that will, because I >>promised someone yesterday that I would add a UUCP command to UUPC for >>the next release -- and if file transfers are supported, I have to >>secure the PC's root directory. (Actually, add a formal permissions file). > >I would think that rather than trying to hack something into MSDOS >that it doesn't support/understand (SECURITY), you would be much >better off to make all file transfers INTO the PC go into a spooling >directory (uucppublic), and leave the final disposition up to the >PC user. There are other files that you probably don't want over-writen > >Comments?? > Absolutely. I totally agree. In working with an earlier version of UUCP I did a little hacking to improve security. My policies were: Incoming UUCP transfers must go to the uucppublic directory in my case \UUPUBLIC if the file contains a '/'. (Otherwise they go to the uucp spooling directory which is presumably safe. Outgoing UUCP transfers must come from the uucppublic directory when initiated from the connecting host, but may come from anywhere if initiated on the PC. I didn't actually implement the latter, for I never got around to creating the UUCP command on the PC. An additional nice little sanity check - the outgoing file in a UUCP transfer is not unlinked if the name contains a '/'. This means that only files in the spooling directory are deleted. Naturally this was added after I had lost a file during experiments. I stopped working on this when I discovered you could just mail to \COMMAND.COM. This is a more difficult security hazard to eliminate, for the delivery of mail by UUPC is based on converting the recipient name to a mail box, then reinvoking the delivery function to deliver to a file. A major reorganization of the delivery mechanism is needed. (I will communicate privately with Drew Derbyshire as to other changes I made, in case he wishes to incorporate some of them. I don't have the time to monkey with UUPC at present). -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science Northern Illinois Univ. DeKalb, IL 60115. +1-815-753-6940