7. Security
The uucp system, left unrestricted,
will let any outside user execute any commands
and copy in/out any file which is readable/writable
by the uucp login user.
It is up to the individual sites to be aware of this and
apply the protections that they feel are necessary.
There are several security features available aside from the
normal file mode protections.
These must be set up by the installer of the
uucp
system.
- -
-
The login for uucp does not get a standard shell.
Instead, the
uucico
program is started.
Therefore, the only work that can be done is through
uucico.
- -
-
A path check is done on file names that are to be sent
or received.
The
USERFILE
supplies the information for these checks.
The
USERFILE
can also be set up to require call-back
for certain login-ids.
(See the ``Files required for execution'' section
for the file description.)
- -
-
A conversation sequence count can be set up so
that the called system
can be more confident that the caller
is who he says he is.
- -
-
The
uuxqt
program comes with a list of commands that it
will execute.
A ``PATH'' shell statement is prepended to the command
line as specifed in the
uuxqt
program.
The installer may modify the list or remove the
restrictions as desired.
- -
-
The
L.sys
file should be owned by uucp and have mode 0400
to protect the phone numbers and login information
for remote sites.
(Programs uucp, uucico, uux, uuxqt should be also
owned by uucp and have the setuid bit set.)