Path: utzoo!mnetor!uunet!husc6!bloom-beacon!gatech!codas!mikel
From: mikel@codas.att.com (Mikel Manitius)
Newsgroups: comp.mail.uucp
Subject: Re: HDB uucp security hole ?
Message-ID: <11730@codas.att.com>
Date: 9 Apr 88 14:48:13 GMT
References: <116@iwfap.ATT.COM>
Organization: AT&T, Altamonte Springs, FL
Lines: 14

In article <116@iwfap.ATT.COM>, psfales@iwfap.ATT.COM (fales) writes:
> 
> This is not a bug, it's a feature!  The remote password is only printed
> when you are running the uucico as root (and -x > 3).

Actually this is configureable at compile time.

One can configure the range of group IDs that will have passwords
made visible to them at high debug levels. The default is gid 0 to 10,
which is why root (gid 0) and uucp (gid 5) get to see them, and
normal users don't.
-- 
					Mikel Manitius
					mikel@codas.att.com