Path: utzoo!attcan!uunet!husc6!cs.utexas.edu!ssbn!bill From: bill@ssbn.WLK.COM (Bill Kennedy) Newsgroups: news.sysadmin Subject: Site impersonation (was: Is uunet a security hole?) Summary: It needn't be all bad Keywords: uucp logins security Message-ID: <514@ssbn.WLK.COM> Date: 8 Jan 89 17:57:54 GMT References: <10420@rpp386.Dallas.TX.US> <44465@beno.seismo.CSS.GOV> <11687@netsys.COM> <44477@beno.seismo.CSS.GOV> Reply-To: bill@ssbn.WLK.COM (Bill Kennedy) Distribution: na Organization: W.L. Kennedy Jr. and Associates, Pipe Creek, TX Lines: 55 In article <44477@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes: >> account. Running with "nuucp" and no password is safe if you have your >> Permissions file set up correctly. > >I don't consider it "safe" when any site that also has an entry >in that sites Systems file can impersonate me. > >Do you call that safe? > >---rick Well I don't agree with Len about nuucp with no password, but we've already disagreed. No, I don't consider it necessarily "unsafe" for one site to impersonate another. HDB/BNU makes that rather easy to do with MYNAME= and this site encourages that use to permit semi-anonymous access to an archive. The Permissions entry for that login are very restricted but they do permit sending and receiving mail and files. It's a blessing for me because I do not have to have an ID and password for those occaisional calls. There is one ID and password for them and a VALIDATE= in Permissions that checks for the proper MYNAME= behavior on their part. There's a risk in that that I have decided is offset by the convenience of using it. That risk could be lessened considerably if there was an equaivalent THEIRNAME=. Sure, it could be overcome but not without cooperating SA's or a purloined Permissions file. I'll describe one scenario where it could be useful and then another where impersonating/masquerading another site is good. Accessing the att gateways (ih, cb, and mt) could be facilitated if they would say who they were in response to our saying who we are. This would enable us to collect things queued up for us without requiring that each gateway call us (sometimes only moments after we just called them). It would require a MYNAME= on our side and a THEIRNAME= on their side. Right now att won't SENDFILES because with just MYNAME= anyone can pretend they are anyone else. The two, used in cooperation, would be helpful. It would also be helpful to know for sure which one we were talking to (even though they say it doesn't matter). I use MYNAME= extensively for testing out new equipment and connections. If I am unsure that a remote site's connection is working as desired I can either MYNAME= and have one modem line call the other on the same system or I can have another system right here masquerade as the remote site and determine where the problem is. Without this capability you need two humans on a voice line telling each other what the uucp lines are doing. If you're long distance from everywhere on earth (ssbn is) you can burn a lot of quarters tracking down typos in the files, etc. In defense of Rick's remark, no, I don't like the notion of another site masquerading as ssbn with one of ssbn's neighbors. No, I don't think that it's "safe". But as (I hope) I have shown, MYNAME= can be very useful and it could be tightened up considerably if there was a THEIRNAME= companion. Let's not try to explore the possibilities of how that could be extorted, it would require SA cooperation to do or a stolen Permissions file. If your Permissions file is cooked then all bets are off anyway. -- Bill Kennedy usenet {killer,att,cs.utexas.edu,sun!daver}!ssbn!bill internet bill@ssbn.WLK.COM