Path: utzoo!yunexus!geac!geaclib!daveb
From: daveb@geaclib.UUCP (David Collier-Brown)
Newsgroups: news.admin
Subject: Re: How safe is UUCP?
Summary: Not very.
Message-ID: <3423@geaclib.UUCP>
Date: 16 Nov 88 02:15:42 GMT
Article-I.D.: geaclib.3423
References: <8623@rpp386.Dallas.TX.US>
Organization: GEAC Computers, Toronto, CANADA
Lines: 22

From article <8623@rpp386.Dallas.TX.US>, by jfh@rpp386.Dallas.TX.US (John F. Haugh II):
> What did you say that phone number was?  This I have to take a crack
> at.  The /etc/passwd file should be snatchable with one simple UUCP
> command.  Then, several whiles of work should produce the root password,
> and

  In general, any system which will do work for another system, such
as forward mail, can act as a mechanism for the owrm to transport
itself.  If the system will allow any (other) operation, each
permitted operation has to be considered case-by-case to see what it
can do, and therefor whether it can be used in  asecurity breach.

  Uux, given permission to "pass on this mail", can in principle be
misused to pass on (or back) other things.  Once upon a time, it was
incautious enough to do far too much. 

--dave (was my SysAdmin **ever** pissed off) c-b
-- 
 David Collier-Brown.  | yunexus!lethe!dave
 Interleaf Canada Inc. |
 1550 Enterprise Rd.   | HE's so smart he's dumb.
 Mississauga, Ontario  |       --Joyce C-B