Path: utzoo!attcan!uunet!fciva!dag
From: dag@fciva.FRANKLIN.COM (Daniel A. Graifer)
Newsgroups: news.admin
Subject: Re: Is uunet a security hole?
Keywords: uucp logins security
Message-ID: <443@fciva.FRANKLIN.COM>
Date: 4 Jan 89 14:48:27 GMT
References: <10420@rpp386.Dallas.TX.US> <44465@beno.seismo.CSS.GOV> <300@ssbn.WLK.COM> <44466@beno.seismo.CSS.GOV> <10445@admin.mips.COM>
Reply-To: dag@fciva.UUCP (Daniel A. Graifer)
Organization: Franklin Capital Investments, Inc. McLean, Va.
Lines: 25

In article <10445@admin.mips.COM> rogerk@mips.COM (Roger B.A. Klorese) writes:
>In article <44466@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes:
>>If uutry allows people without normal read access (i.e. use the access
>>system call on the System file) to run uucico with debugging, then it
>>is badly broken and should be fixed. The BSD uucico fixed this
>>many years ago.
>
>If I remember correctly, it allows debugging but prints ??????? for the
>chat script, which seems like a reasonable approach.

This is true, but if you have echo turned on by default, or your Dialer file
turns it on for Hayes-type modems (ex. Telebit)  they will see the modem 
echo the commands back.  Unfortunately, having echo on is useful for debugging,
and I have my script set up to "send A, expect A, else send A, expect A" etc 
trying to make sure the serial port and the modem are at the same baud rate.

Does anyone know if "ATS50=255E=0\rATDT0123456789E=1\r" will do the correct
thing (ie. turn on echo back on before dialing the telephone number)?

Dan

-- 
Daniel A. Graifer			Franklin Capital Investments
uunet!fciva!dag				7900 Westpark Drive, Suite A130
(703)821-3244				McLean, VA  22102