Полезная информация

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 15.7 Early Security Problems with UUCPChapter 15
Next: 15.9 Summary

15.8 UUCP Over Networks

Some versions of UNIX, starting in the late 1980s, allowed transfer of files over IP networks in addition to serial lines. This capability was intended as a convenience for sites that were migrating from primarily phone-based networking to IP-based networking that the sites could continue to use existing UUCP configurations. This upgrade was also intended as a stopgap for Usenet news delivery prior to the development of reliable NNTP-based systems.

The way IP-based UUCP works is via a daemon program, usually named uucpd. A receiving host machine will either have a uucpd daemon always running, or it will run when an incoming connection is requested (see Chapter 17). The sending machine's uucico program will connect with the remote machine's uucpd program to transfer files. Instead of running login followed by uucico in Slave mode, the remote site uses uucpd.

The key to keep in mind for security is that the uucp daemon should be disabled on your machine if you are not going to use it. Because you have no telephone lines, you might believe that you don't need to worry about the uucp installation. This is incorrect! If the daemon is enabled, the default uucp configuration files might be enough to allow an outsider to snatch copies of files, install altered commands, or fill up your disk.

If you are not using UUCP over networks, be sure that this aspect is disabled. And if you are not going to be using UUCP at all, we suggest you delete UUCP and its associated files from your system to prevent any accidents that might enable it or allow it to be used against your system.

NOTE: If you have UUCP enabled on a machine with an FTP server, be sure to add all your UUCP accounts to the /etc/ftpusers file. Otherwise, anyone who obtains a UUCP account password will be able to use your ftp service to transfer any files accessible to UUCP into or out of your filesystem (including UUCP control files and binaries - which could compromise your system).

Previous: 15.7 Early Security Problems with UUCPPractical UNIX & Internet SecurityNext: 15.9 Summary
15.7 Early Security Problems with UUCPBook Index15.9 Summary