lauren@vortex.UUCP (Lauren Weinstein) (06/10/85)
Here's some more information regarding the uucp bug reported by Yost involving "null" sitenames. The bug has been found to exist with at least some V7 and 4.2 uucico's. The bug does NOT appear to exist with later uucico's, including System V and other recent versions.

While at first the reported bug sounds pretty serious, in reality it probably isn't too significant given the "real world." Many (most?) site administrators have their USERFILEs set up in such a way that most any site, once logged in, could easily identify itself as some OTHER site and grab all that other site's mail. This situation has been generally known for a very long time and is independent of any bugs--it's just the way people have tended to operate. There are even many sites that run openly publicized uucp logins, which makes it even easier for any site to masquerade as another. Once again, this situation has been well known for a very long time, and even considered desirable by many sites.

It is important to remember that, if you're really interested in security, you should really only be giving out logins to sites you trust. If you trust the site administrators at a calling site not to purposely try to exercise such a bug, you have nothing to worry about. In any case, any site triggering such a bug will be extremely obvious in the logs--it would be trivial to grep the logs occasionally if really desired. If you find a site that has violated your trust by playing games you remove their login. Easy enough.

On the other hand, sites that run open logins have already essentially thrown any semblance of sitename security out the window anyway--with or without any bugs--so they don't even have to worry about checking their logs--what's the point when the open logins allow any site to identify itself as another site as a desired feature, not a bug!

I'm told that some people are already working on a simple source fix and a simple binary patcher to fix the null bug for all of those sites who are concerned. So the problem, such as it is, shouldn't be difficult for everyone to quickly fix in any case. Once again, it appears likely that System V sites and other sites running recent uucico's are not affected anyway, and can probably ignore this whole issue.

On the other hand, everyone should realize that, bug or no bug, the way many sites are run has implicitly traded security for flexibility, and that the ability for sites to identify as other sites has been recognized to exist in most configurations, and considered to be a feature by many sites, for a very long time.

In my opinion, the best procedure is to use separate logins for each site (or at least separate "classes" of login) and to only give access to systems you trust. It will be pretty obvious pretty quickly if one particular site starts playing around, and they can be dealt with individually.

The bottom line: nothing much has changed--no need to panic!

--Lauren--
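
The USERFILE situation described in the post above can be checked mechanically. The script below is an added example, not part of the original post or of any uucp distribution: it flags entries that leave the site name open and logins shared by several sites. It assumes the classic `login,system [c] path ...` USERFILE layout and that an empty system field matches any calling sitename; the sample entries and site names are constructed.

```shell
#!/bin/sh
# Audit a uucp USERFILE read on stdin.
# Assumed line format (classic uucp): login,system [c] path [path ...]
# Assumption: an empty system field lets a caller on that login
# present any sitename it likes.
audit_userfile() {
    awk '
    NF == 0 { next }                        # skip blank lines
    {
        split($1, f, ",")                   # first field is "login,system"
        login = f[1]; sys = f[2]
        if (sys == "") {
            # Login is not bound to a site: sitename is unchecked
            printf "OPEN   line %d: login \"%s\" accepts any sitename\n", NR, login
        } else {
            count[login]++
            sites[login] = sites[login] " " sys
        }
    }
    END {
        # A login used by several sites is a "class" login: each member
        # has to be trusted not to call in under another member name.
        for (l in count)
            if (count[l] > 1)
                printf "SHARED login \"%s\" serves:%s\n", l, sites[l]
    }'
}

# Constructed sample USERFILE (hypothetical logins and site names).
sample_userfile() {
    cat <<'EOF'
Usitea,sitea /usr/spool/uucppublic
nuucp, /usr/spool/uucppublic
Ugrp,siteb /usr/spool/uucppublic
Ugrp,sitec /usr/spool/uucppublic
EOF
}

sample_userfile | audit_userfile
```

To audit a real file, feed it on standard input, for example `audit_userfile < USERFILE` from the uucp configuration directory.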