Path: utzoo!mnetor!uunet!husc6!bloom-beacon!tut.cis.ohio-state.edu!osu-cis!att-cb!att-ih!ihnp4!iwfap!psfales
From: psfales@iwfap.ATT.COM (fales)
Newsgroups: comp.mail.uucp
Subject: Re: HDB uucp security hole ?
Message-ID: <116@iwfap.ATT.COM>
Date: 8 Apr 88 13:30:38 GMT
References: <4210002@hpirs.HP.COM>
Organization: AT&T Bell Laboratories - Naperville, Illinois
Lines: 18

In article <4210002@hpirs.HP.COM>, dennis@hpirs.HP.COM (Dennis D. Lee) writes:
 > 
 >   On AT&T System V.2.1 uucp (HoneyDanBer) , the remote system's password is
 >   printed when using the -x option with a level higher than 3. 
 > 
 >   This is a very serious security hole. Have anybody else noticed this 
 >   problem and made a fix to it?

This is not a bug, it's a feature!  The remote password is only printed
when you are running the uucico as root (and -x > 3).  This is an aid
to administrator's doing debugging, while not compromising security
for normal users.

-- 
Peter Fales		UUCP:	...ihnp4!ihlpe!psfales
			work:	(312) 979-7784
				AT&T Information Systems, IW 1Z-243
				1100 E. Warrenville Rd., IL 60566