joemu@nsc-pdc.UUCP (Joe Mueller) (07/09/85)
[eat me] First I would like to thank all the people that replied to me regarding the uucp problem that I have been experiencing. I have found several "gotchas" in the code and since several people asked for any leads I may have, I'm posting the fixes here. The following was the result of running "diff oldfile newfile": 1. The legendary sign extend bug: In pk0.c in routine chksum the following lines were changed: 636c636 < sum += (unsigned)*s++ & 0377; --- > sum += (unsigned char)*s++ & 0377; 638c638 < if ((unsigned)sum <= t) { --- > if ((unsigned short)sum <= t) { 643c643 < return(sum); --- > return(sum & 0xffff); In pk1.c the following diagnostic printouts were changed: 168c178 < PKDEBUG(7, "rec h->cntl %o\n", (unsigned) h->cntl); --- > PKDEBUG(7, "rec h->cntl %o\n", (unsigned char) h->cntl); 288c298 < PKDEBUG(7, "send %o\n", (unsigned) cntl); --- > PKDEBUG(7, "send %o\n", (unsigned char) cntl); 2. The default rules for USERFILE don't work. i.e. if a field is blank, it should behave as a wildcard and match anything. For example the following line would be the most permissive line in a USERFILE. ", /" The quotes would not actually appear in USERFILE. This line would allow anyone from anywhere to access the entire file system (assuming the read- write permissions on individual files are ok) In chkpth.c in routine rdpth the following lines were changed: 176c186 < else if (*u->us_mname == '\0' && Mchdef == NULL) --- > if (*u->us_mname == '\0' && Mchdef == NULL) In chkpth.c in routine callback the following lines were changed: 250d259 < int found_mch = 0; 259,260c268 < if (strncmp(u->us_mname, mch_name, SYSNSIZE) == SAME) { < found_mch = 1; --- > if (u->us_mname[0] == '\0' || (strncmp(u->us_mname, mch_name, SYSNSIZE) == SAME)) { 262c270 < if (strcmp(u->us_lname, log_name) == SAME) { --- > if (u->us_lname[0] == '\0' || (strcmp(u->us_lname, log_name) == SAME)) { 266,267d273 < else < continue; 269,277d274 < if (u->us_mname[0] != '\0') < continue; < if (strcmp(u->us_lname, log_name) != SAME) < continue; < if (found_mch) < continue; < /* have found login name with null (default) machine name */ < DEBUG(4,"callcheck2 %d\n",u->us_callback); < return(u->us_callback); 3. If you have someone login to do a uucp transfer with a UID other than the owner of uucico (uucp in most cases), you will get several chown errors in you AUDIT file. This is because uucico is setuid in most cases and the owner of the tty you're talking through is owned by the UID you logged in under. The way I suggest fixing it is NOT to setuid uucico and make all uucp UID's members of the group "uulogins", Then change all the data files in /usr/lib/uucp to have owner and group permissions rather than owner permission only, and all should work ok.