Path: utzoo!utgpu!watmath!clyde!mcdchg!ditka!kls
From: kls@ditka.UUCP (Karl Swartz)
Newsgroups: news.admin
Subject: Re: How safe is UUCP? (Was: Virus in the future?)
Summary: cunbatch may be necessary
Message-ID: <458@ditka.UUCP>
Date: 19 Nov 88 19:31:41 GMT
References: <74@dsoft.UUCP> <196@libove.UUCP> <2654@sultra.UUCP>
Reply-To: kls@ditka.UUCP (Karl Swartz)
Organization: Inaction Central, Los Alamos, New Mexico
Lines: 18

In article <2654@sultra.UUCP> dtynan@sultra.UUCP (Der Tynan) writes:
>In article <196@libove.UUCP>, root@libove.UUCP (Jay M. Libove) writes:
>> I allow the commands (in /usr/lib/uucp/L.cmds)
>>  rmail, /usr/lib/uucp/uucico, rnews, cunbatch, uucp, uux
>
>Wrong.  You should ONLY allow 'rnews' and 'rmail'.  What you have is a big
>security hole.  For example, cunbatch is called by rnews only.

Jay's machine happens to receive news from a machine that's still running
2.10 news.  Incoming compressed batches from a 2.10 machine cause cunbatch
to be run directly -- not rnews -- so in this case it is appropriate that
cunbatch be listed in L.cmds.  (Or in Permissions on an HDB/BNU system.)

-- 
Karl Swartz		|UUCP	{ames!hc!rt1,uunet!dasys1}!ditka!kls
1-505/667-7777 (work)	|ARPA	rt1!ditka!kls@hc.dspo.gov
1-505/672-3113 (home)	|BIX	kswartz
"I never let my schooling get in the way of my education."  (Twain)