Path: utzoo!attcan!uunet!husc6!rutgers!bellcore!tness7!bigtex!james From: james@bigtex.uucp (James Van Artsdalen) Newsgroups: comp.unix.wizards Subject: Re: REMOTE REJECT Failure (also anonymous uucp) Keywords: HDB SysV R3.1.2 anonymous UUCP 386/ix ISC Message-ID: <6280@bigtex.uucp> Date: 17 Aug 88 03:17:23 GMT References: <749@mccc.UUCP> <218@pigs.UUCP> <1988Aug13.185324.1409@gpu.utcs.toronto.edu> <323@occrsh.ATT.COM> <209@alobar.ATT.COM> Reply-To: james@bigtex.UUCP (James Van Artsdalen) Followup-To: comp.mail.uucp Distribution: na Organization: F.B.N. Software, Austin TX Lines: 23 In article <209@alobar.ATT.COM>, grs@alobar.UUCP (Gregg Siegfried) wrote: > [ /usr/lib/uucp/remote.unknown ] > This can be overridden by making this file unexecutable. So a > chmod 600 remote.unknown should allow anyone to uucp into your system. > Note that this is greatly reducing the builtin HDB security, but judicious > use of the Permissions file can help make up for it. If you give each uucp neighbor a separate login and use the VALIDATE= keyword in the permissions file, I think there is little danger from an anonymous uucp login. READ=, NOWRITE= and PUBDIR= also can help. I have tested that on the bigtex anonymous uucp login, and it appears impossible to for someone to claim to by system "juniper" without logging in under "ujuniper" with the correct password - the nuucp login cannot be used. I also recommend using COMMANDS= to point rmail to something other than /bin/rmail, so that people can send mail, but not out into the net. -- James R. Van Artsdalen ...!uunet!utastro!bigtex!james "Live Free or Die" Home: 512-346-2444 Work: 328-0282; 110 Wild Basin Rd. Ste #230, Austin TX 78746