Date:      Fri, 30 May 1997 18:16:45 -0700 (MST)
From:      Don Yuniskis <dgy@rtd.com>
To:        joerg_wunsch@uriah.heep.sax.de
Cc:        hackers@FreeBSD.ORG
Subject:   Re: uucp uid's
Message-ID:  <199705310116.SAA23468@seagull.rtd.com>
In-Reply-To: <19970531020825.GN62992@uriah.heep.sax.de> from "J Wunsch" at May 31, 97 02:08:25 am

It seems that J Wunsch said:
> As Don Yuniskis wrote:
> 
> > If each UUCP dialup account has a unique login and that is compromised, you
> > can tell exactly where the problem originated, can disable that *single*
> > account ...
> 
> But that doesn't require distinct UIDs.

How?  Since *any* UUCP account can masquerade as another "system"
and they all appear in your uucp and wtmp logs as "nuucp" (or whatever
*single* uid you have them using), how do you determine which
account is being used to send spam, etc.?

> (Forging UUCP mail is about as easy as forging SMTP mail, except for
> the latter, you never need a password at all.)

Yes.  But how do you chase down "undesired" UUCP activity if you
can't at least determine which *possible* UUCP dialin was being
used?  There are other mechanisms that you can employ to cut down
on SMTP abuses (i.e. refusing to act as a relay for mail,
verifying the identity of the host, etc.) but UUCP has very few
defenses -- why discard one that's as easy to implement as
simply adding a line to /etc/passwd?

--don
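
Added example, not part of the original message: a small audit that reads passwd-format text and reports which UUCP dial-in logins share a UID, and so cannot be told apart wherever activity is recorded by UID. The sample entries, the login names and the choice to identify dial-in accounts by a `uucico` login shell are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in 7-field passwd format; names, UIDs and paths are made up.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
nuucp:*:6000:66:shared dial-in:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Usitea:*:6000:66:site A:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Usiteb:*:6000:66:site B:/var/spool/uucppublic:/usr/libexec/uucp/uucico
Usitec:*:6003:66:site C:/var/spool/uucppublic:/usr/libexec/uucp/uucico
# comment line
broken:line
"""

def uucp_logins(passwd_text, shell_name="uucico"):
    """Yield (login, uid) for entries whose shell basename is shell_name."""
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess at them
        login, uid, shell = fields[0], int(fields[2]), fields[6]
        if shell.rsplit("/", 1)[-1] == shell_name:
            yield login, uid

def group_by_uid(passwd_text):
    """Map each UID to the UUCP logins that use it, in file order."""
    groups = defaultdict(list)
    for login, uid in uucp_logins(passwd_text):
        groups[uid].append(login)
    return dict(groups)

def shared_uucp_uids(passwd_text):
    """UIDs used by more than one UUCP login: activity is not attributable."""
    return {u: n for u, n in group_by_uid(passwd_text).items() if len(n) > 1}

def attributable_logins(passwd_text):
    """UUCP logins with a UID of their own: one login per UID."""
    return [n[0] for n in group_by_uid(passwd_text).values() if len(n) == 1]

if __name__ == "__main__":
    for uid, names in sorted(shared_uucp_uids(SAMPLE_PASSWD).items()):
        print(f"UID {uid} shared by: {', '.join(names)}")
    print("distinct UID:", ", ".join(attributable_logins(SAMPLE_PASSWD)))
```
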


