Xref: utzoo news.admin:4057 comp.mail.uucp:2323
Path: utzoo!attcan!uunet!van-bc!sl
From: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Newsgroups: news.admin,comp.mail.uucp
Subject: Re: How safe is UUCP? (Was: Virus in the future?)
Message-ID: <1970@van-bc.UUCP>
Date: 22 Nov 88 19:28:42 GMT
References: <74@dsoft.UUCP> <196@libove.UUCP> <8623@rpp386.Dallas.TX.US> <178@heart-of-gold>
Reply-To: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Organization: Wimsey Associates, Vancouver, BC.
Lines: 35

In article <178@heart-of-gold> jc@heart-of-gold (John M Chambers) writes:
>In article <8623@rpp386.Dallas.TX.US>, jfh@rpp386.Dallas.TX.US (John F. Haugh II) writes:
>
>Normally, L.sys (or Systems) is owned by uucp and has 400 or 600 permissions;
>the uucico daemon runs as a different id, so it can't read this file.  How
>do you get around that?  Oh, sure, if a uucp installation uses the same uid
>for all uucp logins, it's easy, but no admin interested in security would do
>something that silly, I hope.  There's also the point that L.sys is outside

Since when? The uucico program runs setuid to uucp!

L.sys is used in the connection routines for dialing and for verifying system 
names. Both of which need to be done by uucico. Running uucico as a separate
ID would be possible perhaps if you made L.sys readable by a group and put
uucico in that group. But probably not without changes to uucico.



>uucp's competitors, or does someone know things they aren't telling the
>rest of us?

Yes they do. I don't pretend to be a uucp guru (uupc yes, but thats a
different story); but I know of a couple of ways to circumvent uucp.

Unfortunately I don't have time to work out fixes so I'm not broadcasting
details. Most of the problems I know about are fixed in modern uucp's but
still are extent in a lot of running systems. The moral is if you arn't
running HDB on a System V or Xenis system, bug your system provider and get 
it if at all possible.

HDB is rumoured to have problems but is probably orders of magnitude safer
than the older versions.

-- 
Stuart.Lynne@wimsey.bc.ca {ubc-cs,uunet}!van-bc!sl     Vancouver,BC,604-937-7532