Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ece-csc!ncsuvx!gatech!ukma!xanth!ames!netsys!len
From: len@netsys.COM (Len Rose)
Newsgroups: news.sysadmin
Subject: Re: Site impersonation (was: Is uunet a security hole?)
Summary: Permissions is the key.
Keywords: uucp logins security
Message-ID: <11852@netsys.COM>
Date: 14 Jan 89 09:32:36 GMT
References: <10420@rpp386.Dallas.TX.US> <44465@beno.seismo.CSS.GOV> <11687@netsys.COM> <44477@beno.seismo.CSS.GOV> <514@ssbn.WLK.COM>
Reply-To: len@netsys.COM (Len Rose)
Followup-To: news.sysadmin
Distribution: na
Organization: Netsys,Inc.
Lines: 23

The key thing to remember is that with the Permissions file
setup correctly penetration cannot be any deeper than stealing
mail or sending/receiving files from permissible directories.
Using the NOREAD=/etc option in Permissions, I have nothing to 
fear from any bogus site. They certainly can't obtain my password
file.

If your site is involved in confidential mail traffic,encryption
is obviously being used since uucp mail is snoopable by anyone
in the chain..

I shouldn't have used the word "safe" in previous articles. But
I do feel "safe" in running with an open uucp login with a well
written Permissions file. 

I do not disagree with anyone who says password protected logins
are better,it merely suits my site's environment.



-- 
len@netsys.com
{ames,att,rutgers}!netsys!len