From owner-freebsd-hackers Fri May 30 18:17:00 1997
From: Don Yuniskis
Message-Id: <199705310116.SAA23468@seagull.rtd.com>
Subject: Re: uucp uid's
To: joerg_wunsch@uriah.heep.sax.de
Date: Fri, 30 May 1997 18:16:45 -0700 (MST)
Cc: hackers@FreeBSD.ORG
In-Reply-To: <19970531020825.GN62992@uriah.heep.sax.de> from "J Wunsch" at May 31, 97 02:08:25 am

It seems that J Wunsch said:
> As Don Yuniskis wrote:
>
> > If each UUCP dialup account has a unique login and that is compromised, you
> > can tell exactly where the problem originated, can disable that *single*
> > account ...
>
> But that doesn't require distinct UIDs.

How?  Since *any* UUCP account can masquerade as another "system" and
they all appear in your uucp and wtmp logs as "nuucp" (or whatever
*single* uid you have them using), how do you determine which account
is being used to send spam, etc.?

> (Forging UUCP mail is about as easy as forging SMTP mail, except for
> the latter, you never need a password at all.)

Yes.  But how do you chase down "undesired" UUCP activity if you can't
at least determine which *possible* UUCP dialin was being used?  There are
other mechanisms that you can employ to cut down on SMTP abuses (i.e.
refusing to act as a relay for mail, verifying the identity of the host,
etc.) but UUCP has very few defenses -- why discard one that's as easy to
implement as simply adding a line to /etc/passwd?

--don