Path: utzoo!attcan!uunet!van-bc!sl
From: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Newsgroups: news.admin
Subject: Re: How safe is UUCP? (Was: Virus in the future?)
Message-ID: <1962@van-bc.UUCP>
Date: 21 Nov 88 03:12:15 GMT
References: <74@dsoft.UUCP> <196@libove.UUCP> <8623@rpp386.Dallas.TX.US>
Reply-To: sl@van-bc.UUCP (pri=-10 Stuart Lynne)
Organization: Wimsey Associates, Vancouver, BC.
Lines: 26

In article <8623@rpp386.Dallas.TX.US> jfh@rpp386.Dallas.TX.US (John F. Haugh II) writes:
>In article <196@libove.UUCP> root@libove.UUCP (Jay M. Libove) writes:
>|I allow the commands (in /usr/lib/uucp/L.cmds)
>| rmail, /usr/lib/uucp/uucico, rnews, cunbatch, uucp, uux
>|
>|and my /usr/lib/uucp/USERFILE contains
>| uucp, /
>| , /
>|
>|So, how vulnerable am I?


>Surprize Jay, all of your files have just been turned to mush.  And
>since I can get the L.sys info for your neighbors from your machine, I
>should be wrecking havoc on the net for days to come.


If you have a USERFILE, L.sys can be stolen from most SCO Xenix systems (i.e.
if you are not running HDB). A lot of generic System V systems too!
Irregardless of *what* is in USERFILE.

Moral: Get HDB if at all possible if you allow anything other than *very*
trusted sites to login into your system.

-- 
Stuart.Lynne@wimsey.bc.ca {ubc-cs,uunet}!van-bc!sl     Vancouver,BC,604-937-7532