UUCP to protected directories

[Dominick Samperi]

I'm trying to come up with a moderately secure way to transfer files
between two UNIX systems via UUCP, where the files may be in directories
that are accessible only to a particular user (or group). The solution that
I'm currently using involves the use of a filter program on the machine
containing the protected files. This program is in /usr/bin (where uuxqt
can find it), and is set uid (or gid) to the user (or group) whose files we
want to access. The filter checks the real user id of the person executing it,
and if it is not the uid of the remote machine (the one that is supposed to
have access to the protected files), it just terminates.

This prevents users on the machine containing the filter from executing it,
but it does not prevent an arbitrary user on the remote machine from sending
files through the filter on the machine containing the protected files.

The question that remains is how to insure, in a reasonably secure fashion,
that only certain users on one machine are permitted to run a particular
program on another machine. I am currently doing this by having the filter
program check the environment variable UU_USER (set by uucp to the user
on the remote machine that ran uux), and I'm not sure how secure this is.
It leads to another question. Namely, is it possible for a user on one
machine to set the environment for the uux-ed command on another machine?
In particular, is it possible for a remote user to insure that UU_USER is
set to his/her own name?

Any comments would be greatly appreciated.

-- 
Dominick Samperi, Manhattan College, NYC
    manhat!samperi at NYU.EDU           ihnp4!rutgers!nyu.edu!manhat!samperi
    philabs!cmcl2!manhat!samperi     ihnp4!rutgers!hombre!samperi
              (^ that's an ell)      uunet!swlabs!mancol!samperi