Path: utzoo!attcan!uunet!husc6!rutgers!bellcore!tness7!bigtex!james
From: james@bigtex.uucp (James Van Artsdalen)
Newsgroups: comp.unix.wizards
Subject: Re: REMOTE REJECT Failure (also anonymous uucp)
Keywords: HDB SysV R3.1.2 anonymous UUCP 386/ix ISC
Message-ID: <6280@bigtex.uucp>
Date: 17 Aug 88 03:17:23 GMT
References: <749@mccc.UUCP> <218@pigs.UUCP> <1988Aug13.185324.1409@gpu.utcs.toronto.edu> <323@occrsh.ATT.COM> <209@alobar.ATT.COM>
Reply-To: james@bigtex.UUCP (James Van Artsdalen)
Followup-To: comp.mail.uucp
Distribution: na
Organization: F.B.N. Software, Austin TX
Lines: 23

In article <209@alobar.ATT.COM>, grs@alobar.UUCP (Gregg Siegfried) wrote:

> [ /usr/lib/uucp/remote.unknown ]
> This can be overridden by making this file unexecutable.  So a 
> chmod 600 remote.unknown should allow anyone to uucp into your system.

> Note that this is greatly reducing the builtin HDB security, but judicious
> use of the Permissions file can help make up for it.

If you give each uucp neighbor a separate login and use the VALIDATE=
keyword in the permissions file, I think there is little danger from
an anonymous uucp login.  READ=, NOWRITE= and PUBDIR= also can help.
I have tested that on the bigtex anonymous uucp login, and it appears
impossible to for someone to claim to by system "juniper" without
logging in under "ujuniper" with the correct password - the nuucp
login cannot be used.

I also recommend using COMMANDS= to point rmail to something other
than /bin/rmail, so that people can send mail, but not out into the
net.
-- 
James R. Van Artsdalen    ...!uunet!utastro!bigtex!james     "Live Free or Die"
Home: 512-346-2444 Work: 328-0282; 110 Wild Basin Rd. Ste #230, Austin TX 78746