Usenet Security

Thu Feb 25 04:02:40 AEST 1988

I'll address dial-in security and uucp security here.
I don't quite know what usenet security problem is in question.

It's wise to buy a cheap UNIX box and make it your uucp/mail/news
gateway.  Don't put any vital info on the machine, and you'll have
nothing to lose.  If you are concerned about security, the minimal
expense will we well invested.  Connect the gateway to your work
machines with ethernet, and remove any dangerous programs (like rlogin,
for instance) from the gateway machine.  If you're serious about
security, you don't put phones on your machine.  With the cost of
hardware and the cost of security these days, it's silly to put
uucp lines on a machine that you are worried about.

uucp systems other than BNU (aka honey danber, or the latest AT&T
uucp) use USERFILE, which, while it may be used to restrict access
to remote users, is hard to customize on a per system/per user basis.
The code and documentation is arcane, and has been rewritten many times
by many people in an attempt to get it to work.  

You longtime uucp users might say "it works for me..."  I suggest that
you spend some time fiddling with the USERFILE setting up different
sites and users at different levels of security, and read the chkpth()
code, and see how goofy it is.  It might work in 4.3bsd, but in
general, USERFILE processing is buggy, and most sites simply put

	, /
or
	, /usr/spool/uucp

in there.  Actually, I think ", /" doesn't work in most older uucp's, you
have to put the line in twice because of weird parsing problems with null
USERFILE descriptors.

The BNU Permissions file takes some getting used to.  It's more verbose,
more flexible, and cleaner.  The Permissions file has been one of the major
selling points for BNU uucp.  I have never had a problem bringing up
BNU under new UNIX system, AT&T or BSD based.

If you don't have dial-ins, you don't have intruders logging in over
them.  Assuming you want uucp dial-ins, there is a way to make them
quite secure.  (I learned this method from Brian Redman - ber of honey
danber fame.)  Hack up a copy of login that only allows uucp's to log
in, and only forks uucico.  You could post your /etc/passwd to usenet,
and no one would be able to log in over those uucp-only lines.  It
would be wise to keep your user dial-in phone numbers secret ("security
through obscurity," as I've heard Karl Heuer, the Walking Lint, call
it).  Segregating your user dial-ins from your uucp dial-ins only
involves the base cost of phone lines, it isn't changing the i/o load
any.

It's a good idea to give your uucp dial-in users separate /etc/passwd
entries.  This makes it easier to monitor per-user access, both using
the uucp log files and the "last" command to peruse the wtmp records.

If you want to monitor use of uucp or netnews posting, you can use the
log files provided by these systems, or if you find them unsatisfactory,
you can easily write front-end shell scripts to provide your own
logging.

	Andrew Tannenbaum   Interactive   Boston, MA   +1 617 247 1155