Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site kovacs.UUCP
Path: utzoo!linus!decvax!ittvax!dcdwest!sdcsvax!sdcrdcf!randvax!kovacs!day
From: day@kovacs.UUCP
Newsgroups: net.unix-wizards
Subject: Solution to uucp dialin security
Message-ID: <177@kovacs.UUCP>
Date: Sun, 15-Jul-84 08:13:03 EDT
Article-I.D.: kovacs.177
Posted: Sun Jul 15 08:13:03 1984
Date-Received: Tue, 17-Jul-84 06:26:44 EDT
Organization: Robt Abel & Assoc, Hollywood
Lines: 26

Some uucp sites will not allow other hosts
to call them because giving out their dialup
number would open them up to crackers.  This
problem could be dealt with as follows:

Modify login to look at a file, say "/etc/logins",
which would say whether the default is open
logins or restricted logins (nonexistent file would
mean the latter), and for each port, who can or can't
login there.  Keep this file readable only by root.

Give each site a unique login name ("u<host>" is common
now) and user id, and allocate one or more dialup lines
restricted those users.  This makes it very easy to pull
the plug on any host, and anyone getting access to the
uucp dialin phone number can't get very far.

Then get a hold of the uucico bug fixes that keep
people from snarfing your L.sys file, and make all your
neighbor sites install this mod.  Also, you should install
the Fortune uucico mod that allows you to make host x
login as user y (I can't speak for its availability).

Do all this, and you've got it.  I think.

--dave