[news.sysadmin] Site impersonation

bill@ssbn.WLK.COM (Bill Kennedy) (01/09/89)

In article <44477@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes:
>> account. Running with "nuucp" and no password is safe if you have your
>> Permissions file set up correctly. 
>
>I don't consider it "safe" when any site that also has an entry
>in that site's Systems file can impersonate me.
>
>Do you call that safe?
>
>---rick

Well I don't agree with Len about nuucp with no password, but we've already
disagreed.  No, I don't consider it necessarily "unsafe" for one site to
impersonate another.  HDB/BNU makes that rather easy to do with MYNAME= and
this site encourages that use to permit semi-anonymous access to an archive.
The Permissions entry for that login are very restricted but they do permit
sending and receiving mail and files.  It's a blessing for me because I do not
have to have an ID and password for those occasional calls.  There is one ID
and password for them and a VALIDATE= in Permissions that checks for the
proper MYNAME= behavior on their part.

There's a risk in that that I have decided is offset by the convenience of
using it.  That risk could be lessened considerably if there was an equivalent
THEIRNAME=.  Sure, it could be overcome but not without cooperating SA's or
a purloined Permissions file.  I'll describe one scenario where it could be
useful and then another where impersonating/masquerading another site is good.

Accessing the att gateways (ih, cb, and mt) could be facilitated if they would
say who they were in response to our saying who we are.  This would enable us
to collect things queued up for us without requiring that each gateway call us
(sometimes only moments after we just called them).  It would require a MYNAME=
on our side and a THEIRNAME= on their side.  Right now att won't SENDFILES
because with just MYNAME= anyone can pretend they are anyone else.  The two,
used in cooperation, would be helpful.  It would also be helpful to know for
sure which one we were talking to (even though they say it doesn't matter).

I use MYNAME= extensively for testing out new equipment and connections.  If
I am unsure that a remote site's connection is working as desired I can either
MYNAME= and have one modem line call the other on the same system or I can
have another system right here masquerade as the remote site and determine
where the problem is.  Without this capability you need two humans on a voice
line telling each other what the uucp lines are doing.  If you're long distance
from everywhere on earth (ssbn is) you can burn a lot of quarters tracking
down typos in the files, etc.

In defense of Rick's remark, no, I don't like the notion of another site
masquerading as ssbn with one of ssbn's neighbors.  No, I don't think
that it's "safe".  But as (I hope) I have shown, MYNAME= can be very
useful and it could be tightened up considerably if there was a THEIRNAME=
companion.  Let's not try to explore the possibilities of how that could
be extorted, it would require SA cooperation to do or a stolen Permissions
file.  If your Permissions file is cooked then all bets are off anyway.
-- 
Bill Kennedy  usenet      {killer,att,cs.utexas.edu,sun!daver}!ssbn!bill
              internet    bill@ssbn.WLK.COM

zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) (01/09/89)

>In article <44477@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes:
>>
>>I don't consider it "safe" when any site that also has an entry
>>in that site's Systems file can impersonate me.
>>

In case other postings weren't clear, the HDB VALIDATE option makes it
possible to require any site claiming to be xxx to use login yyy.  This
eliminates any impersonation problem (except for sites which share a login).

-- 
  Jon Zeeff			zeeff@b-tech.ann-arbor.mi.us
  Support ISO 8859/1		zeeff%b-tech.uucp@umix.cc.umich.edu
  Ann Arbor, MI			umix!b-tech!zeeff

rick@seismo.CSS.GOV (Rick Adams) (01/10/89)

In article <5048@b-tech.ann-arbor.mi.us>, zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
> >In article <44477@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes:
> >>
> >>I don't consider it "safe" when any site that also has an entry
> >>in that site's Systems file can impersonate me.
> >>
> 
> In case other postings weren't clear, the HDB VALIDATE option makes it
> possible to require any site claiming to be xxx to use login yyy.  This
> eliminates any impersonation problem (except for sites which share a login).
					^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That was my point. If sites share a login, then any of them
can impersonate one of the others. Therefore, it is unsafe.

The original article claimed that if your Permissions was set up
properly, you could "safely" run with one login.

You may find this level of "safety" acceptable for certain situations,
but it is not inherently "safe".

---rick
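
An added example, not part of any post in this thread: a small audit of an HDB Permissions file that shows the VALIDATE= behaviour discussed above and the shared-login gap Rick describes. The sample file, the site and login names, and the acceptance rule in `accepts()` are assumptions; it is a simplified model of the check and ignores the Systems file.

```python
import re

# Constructed sample Permissions file (site and login names are made up).
SAMPLE = r"""
# one login per neighbour
LOGNAME=Ualpha VALIDATE=alpha REQUEST=yes SENDFILES=yes
# one shared login for two neighbours
LOGNAME=nuucp VALIDATE=beta:gamma \
    REQUEST=no SENDFILES=call
MACHINE=alpha:beta:gamma:delta COMMANDS=rmail
"""

def parse_logname_entries(text):
    """Return [(logins, validated_sites)] for each LOGNAME entry."""
    joined = re.sub(r"\\\s*\n", " ", text)      # join backslash continuations
    entries = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments
        opts = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "LOGNAME" in opts:
            logins = set(opts["LOGNAME"].split(":"))
            sites = set(filter(None, opts.get("VALIDATE", "").split(":")))
            entries.append((logins, sites))
    return entries

def accepts(entries, login, claimed):
    """Simplified model: may a caller on `login` claim the name `claimed`?"""
    required = [logins for logins, sites in entries if claimed in sites]
    if not required:
        return True          # name is in no VALIDATE list: any login may use it
    return any(login in logins for logins in required)

def shared_login_groups(entries):
    """Site sets behind one VALIDATE entry; members can claim each other."""
    return [sorted(sites) for _, sites in entries if len(sites) > 1]

def unvalidated(entries, known_sites):
    """Known sites that no VALIDATE list covers."""
    covered = set().union(*(sites for _, sites in entries))
    return sorted(set(known_sites) - covered)

if __name__ == "__main__":
    e = parse_logname_entries(SAMPLE)
    print("shared-login groups:", shared_login_groups(e))
    print("unvalidated:", unvalidated(e, ["alpha", "beta", "gamma", "delta"]))
```

Giving each neighbour its own login and VALIDATE= entry empties both lists.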

len@netsys.COM (Len Rose) (01/14/89)

The key thing to remember is that with the Permissions file
set up correctly penetration cannot be any deeper than stealing
mail or sending/receiving files from permissible directories.
Using the NOREAD=/etc option in Permissions, I have nothing to 
fear from any bogus site. They certainly can't obtain my password
file.

If your site is involved in confidential mail traffic, encryption
is obviously being used since uucp mail is snoopable by anyone
in the chain..

I shouldn't have used the word "safe" in previous articles. But
I do feel "safe" in running with an open uucp login with a well
written Permissions file. 

I do not disagree with anyone who says password protected logins
are better, it merely suits my site's environment.

-- 
len@netsys.com
{ames,att,rutgers}!netsys!len