The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #264 [Re: ~uucp/.forward] (1 message, 899 bytes)
NOTICE: recognises the rights of all third-party works.


From: (Carl S. Gutekunst)
To: phage
Date: Fri 02:53:52 18/11/1988 EST
Subject: Re: ~uucp/.forward
References: [Thread Prev: 266] [Thread Next: 269] [Message Prev: 263] [Message Next: 265]

>If a UUCP neighbor deposited into ~uucp/.forward a file containing
>	"|/bin/sed -e '1,/^$/d'|/bin/sh"
>(which they might be able to do it your ~uucp is uucp-writable as most are),
>and then sent mail to your uucp account, what do you expect would happen?
>Anybody got an idea for a fix?

Certainly. Do what System V has always done: make the home directory for all
uucp logins /usr/lib/uucp, not /usr/spool/uucppublic. We were already doing
that for "uucp," although we were not for all the many per-host logins.

The practice of using ~uucp to refer to /usr/spool/uucppublic is a Berkeley-
ism, both unnecessary and dangerous. The preferred way to refer to the public
directory is via a lone tilde, which is hard wired in the uucp.h file to point
to /usr/spool/uucppublic. As in:

	uucp uunet\!~/comp.sources.unix/volume5/xyzzy.Z \~

After we disabled ~uucp some years ago, we got flames here and there from BSD
sites for about three months; then everyone got used to it.

In general, any directory that is world writable should never be a home
directory for any login. UUCP is just one of the most obviously botched. Of
course, I hadn't thought of the .forward subterfuge, but I had thought of a
lot of others.