Lyndon Nerenberg writes:
> > The convention was to use ``uucp'' as the default anonymous login
> > service.
> I think we're talking about two different things. Yes, many
> UNIX distributions shipped with a passwordless 'uucp' account
> with uucico as the shell. My comments about the 'nuucp'
> convention were referring to the publically visible anonymous
> UUCP sites.
I was merely pointing out that the convention was really that both
logins were in use in the public uucp community. Some sites used uucp
as a login name and some sites used nuucp as a login name. It really
depended on the heritage of the site and the version of uucp in use
there. (I personally used both for different purposes.)
> Early uucico's were definately buggy, however I don't recall these
> bugs ever being exploited to compromise security. (Well, you could
> do DOS attacks by getting the remote uucico to drop core, leaving
> a LCK..site file lying around. SCO's uucico could be made to do
> this just by making faces at it.)
SCO was so far behind the state of software in so many ways. They
definitely were the source of many bugs due to the fact that they had
that strange mix of 7th Edition (inheirited from the Microsoft 286-unix)
and bad implementations of other software. Almost as bad as HP...
> > With the HoneyDanBer uucp, there were no
> > security holes in uucico and it was completely safe to use uucp as an
> > anonymous login service.
> I wouldn't be that absolute. No security holes were ever demonstrated,
> which isn't the same as saying they weren't there. (Did anyone ever
> breach ihnp4?)
As far as I know, HDB was never broken at ihnp4.
> HDB's ability to require a particular UUCP node to connect only with
> a specific login id was a very nice feature. (Or was it Taylor that
> introduced that? My memory is getting a wee bit fuzzy.)
HDB introduced the PERMISSIONS file. Taylor was based on HDB specs
because ATT would not release HDB to the community, in spite of pleas
from all of H, D, and B.
Of course, now it is all a moot point, and all of this is merely of
historical (hysterical?) interest.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message