Text File | 1994-06-13 | 4KB | 89 lines
NAME
UULIB:userfile
SYNOPSIS
-
DESCRIPTION
The UULIB:userfile file provides a means of minimizing the
vulnerability to break-ins, especially if you have an anon
uucp account.
The magic behind userfile:
The userfile is used for mapping hostnames to login names.
Only the loginname/hostname pair is used for the purpose of autosys,
which uses the loginname to check the given password against the
password file.
Example file follows:
---8<---
# UULIB:userfile
#
# username,system callback pathnames
#
ueumelos,eumelos UUPUB:
udanix,danubix UUPUB:
nuucp, UUPUB:
uucp, UUPUB:
, UUPUB:
--->8---
uucico utilizes this file automagically if it exists by taking
the local variable $USER to find an entry in the userfile. If
a matching username is found, its corresponding system parameter
is checked against the hostname with which the calling system
identifies itself. Sounds a little bit weird, eh? ;) Ok, let's try
to build an example:
Let's assume that some machine logged in as `udanix' with the
proper password; this is checked by getty which then starts the
appropriate command (uucico in our case).
(Note that your getty MUST set the local variable $USER to `udanix'
to make the following work!)
Our uucico now says "I'm here, my name is my_name, who are you?".
The calling cico answers with "I'm danubix ...", and here's where
the userfile stuff hits the scene:
uucico now compares the system part of udanix' userfile entry
("udanix,danubix UUPUB:") with the name the remote uucico has given
ours. In the example above, userfile's `danubix' matches uucico's
`danubix', everything is fine, access as system `danubix' is granted
(with all access restrictions).
Now let's assume you do have an open uucp account (anonymous uucp,
usually with login uucp and password uucp) and you DON'T have the
userfile ability. In this case, anyone could log in with the
publicly known login and password and start a uucico. BUT, being
connected now, that remote uucico could tell our uucico "I'm danubix"
even if this isn't true. Well, at least up to AmigaUUCP 1.16, our
uucico would accept this and gladly transmit ANY data queued for
danubix to that intruder!
Well, fortunately, wUUCP offers this userfile check, finds out that
the system `danubix' does use the login `udanix' instead of `uucp'
and hence drops the connection immediately (telling the remote cico
that it used the wrong login name).
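The check described above, as an added C sketch that is not wUUCP's own code: it parses the example userfile and decides whether a login may identify itself as a given system. The function name userfile_allows, the system name `guest', and the treatment of an empty system field as a wildcard are assumptions; the page does not define what empty fields mean.

```c
#include <stdio.h>
#include <string.h>

/* Entries copied from the page's example userfile. */
static const char *USERFILE =
    "# UULIB:userfile\n"
    "ueumelos,eumelos UUPUB:\n"
    "udanix,danubix UUPUB:\n"
    "nuucp, UUPUB:\n"
    "uucp, UUPUB:\n"
    ", UUPUB:\n";

/* Returns 1 if `login` may identify itself as system `claimed`, else 0.
 * ASSUMPTION: an empty system field accepts any system name, except one
 * that another entry binds to a specific login. */
int userfile_allows(const char *text, const char *login, const char *claimed)
{
    char user[32], sys[32];
    int exact = 0, wildcard = 0, bound_elsewhere = 0;

    while (*text) {
        size_t len = strcspn(text, "\n");
        const char *comma = memchr(text, ',', len);
        if (*text != '#' && comma) {
            size_t ulen = (size_t)(comma - text);
            size_t slen = strcspn(comma + 1, " \t\n");
            if (ulen < sizeof user && slen < sizeof sys) {
                memcpy(user, text, ulen); user[ulen] = '\0';
                memcpy(sys, comma + 1, slen); sys[slen] = '\0';
                int same_login = strcmp(user, login) == 0;
                if (sys[0] && strcmp(sys, claimed) == 0) {
                    if (same_login) exact = 1; else bound_elsewhere = 1;
                } else if (!sys[0] && same_login) {
                    wildcard = 1;
                }
            }
        }
        text += len;
        if (*text == '\n') text++;
    }
    return exact || (wildcard && !bound_elsewhere);
}

int main(void)
{
    printf("udanix as danubix: %d\n", userfile_allows(USERFILE, "udanix", "danubix"));
    printf("uucp   as danubix: %d\n", userfile_allows(USERFILE, "uucp", "danubix"));
    printf("uucp   as guest:   %d\n", userfile_allows(USERFILE, "uucp", "guest"));
    return 0;
}
```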
BUGS
This has been tested quite far, but I DO NOT guarantee that this
mechanism does prevent any attacks. You have been warned ;)
At least, it's much better than the old way without any checks.
The pathnames field must be non-empty but is not really used yet;
it might replace the uulib:Security file(s) in the future. Comments
appreciated!
ACKNOWLEDGEMENTS
Got initial code from Martin Brenner <martin@deepth.tue.sub.org>.
Thanks, Martin!
AUTHOR
Martin Brenner <martin@deepth.tue.sub.org>.
Adopted for wUUCP by Kai 'wusel' Siering <wusel@hactar.hanse.de>.
REFERENCES
uucico, getty, uulib:security