Solution to uucp dialin security
day at kovacs.UUCP
day at kovacs.UUCP
Sun Jul 15 22:13:03 AEST 1984
Some uucp sites will not allow other hosts
to call them because giving out their dialup
number would open them up to crackers. This
problem could be dealt with as follows:
Modify login to look at a file, say "/etc/logins",
which would say whether the default is open
logins or restricted logins (nonexistent file would
mean the latter), and for each port, who can or can't
login there. Keep this file readable only by root.
Give each site a unique login name ("u<host>" is common
now) and user id, and allocate one or more dialup lines
restricted those users. This makes it very easy to pull
the plug on any host, and anyone getting access to the
uucp dialin phone number can't get very far.
Then get a hold of the uucico bug fixes that keep
people from snarfing your L.sys file, and make all your
neighbor sites install this mod. Also, you should install
the Fortune uucico mod that allows you to make host x
login as user y (I can't speak for its availability).
Do all this, and you've got it. I think.
--dave
More information about the Comp.unix.wizards
mailing list