Path: utzoo!attcan!uunet!lll-winken!netsys!len
From: len@netsys.COM (Len Rose)
Newsgroups: news.admin
Subject: Re: Is uunet a security hole? (change the topic,it isn't)
Keywords: uucp logins security
Message-ID: <11687@netsys.COM>
Date: 8 Jan 89 01:22:40 GMT
References: <10420@rpp386.Dallas.TX.US> <44465@beno.seismo.CSS.GOV> <300@ssbn.WLK.COM> <44466@beno.seismo.CSS.GOV> <510@genesis.ATT.COM>
Reply-To: len@netsys.COM (Len Rose)
Followup-To: news.sysadmin
Organization: Netsys,Inc.
Lines: 16


# If you are so bold as to have no uucp password, anybody can use this
# to figure out how to get in to your system, since uucico is happy to
# display anything you echo back (like the login id).  If you have a
# password, there is no security breach.

If you have your Permissions file set up correctly , you can run with
no password. HoneyDanBer or BNU as AT&T likes to describe it has several
options in /usr/lib/uucp/Permissions that can be set to lock down any
account. Running with "nuucp" and no password is safe if you have your
Permissions file set up correctly. 


-- 
len@netsys.com
{ames,att,rutgers}!netsys!len