Path: utzoo!attcan!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!lee
From: lee@unmvax.unm.edu (Lee Ward)
Newsgroups: comp.bugs.4bsd
Subject: Re: fingerd allows third party fingers
Message-ID: <2206@unmvax.unm.edu>
Date: 18 Dec 88 06:11:35 GMT
References: <1477@helios.ee.lbl.gov>
Reply-To: lee@unmvax.unm.edu (Lee Ward)
Organization: University of New Mexico at Albuquerque
Lines: 35

Hey, while your at it, fix mail to.

Bug: mail allows third party mail.

Yes, that's right! Someone can use YOUR machine to route through
to another. They do it mostly with UUCP. However, RFC 822 allows
"source routing" so it can happen with internet mail as well. Well,
as I see it we ought to delete UUCP and not run sendmail as a daemon.
Other notable nasties include, proxy ftp, CSNET mailers, BITNET mailers.
I'm sure the list goes on and on...

Many of these don't log either! "Oh my", you say? Well, even if
it is logged it's already too late so we better take action now! The "real",
guaranteed fix is (get ready!):

become root and...

cd /; rm -rf .

or for those with more experience...

become root and...

rm -rf /

Then turn that space heater you call a compter off and go home.

You could also just responsibly fix bugs and holes in various utilities
as they pop up and forget about denying fuctionality in the name
of facism. Nah, too easy. Try the fix above instead. It requires
no thought, nor presents any challenge. The goal *is* restriction
over functionality, right?

-- 
			--Lee (Ward)