Improving the Security of UUCP
If UUCP is not properly installed, a system's security can be compromised.
The following is a list of ways to configure UUCP more securely
[GS91]:
- If UUCP services are not needed, delete or protect
the UUCP system.
- The uucico program, a file transport program for the UUCP
system, must log into a system in order to transfer files or run commands.
Assigning a password to the uucp account can deter
crackers from logging in.
- Create additional /etc/passwd entries for each system
that calls your system. Having different logins for each remote system
allows an administrator to grant
different privileges and access to different remote systems.
- If desired, require callback for certain systems, to
deter impersonation attacks.
- Configure UUCP so remote systems can retrieve files only from
specific directories.
- If file retrieval is not needed, disable remote file retrieval.
- UUCP control files should be protected so that they cannot be
read or modified using the UUCP program.
- Limit the commands which can be executed off site to those
that are absolutely necessary.
- To protect information in the L.sys (Version 2) or
Systems (Basic Networking Utilities version)
log files from being misused, the appropriate file should be owned by the
uucp user and be unreadable to anybody but UUCP.
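The password and file-ownership items in the list above can be checked mechanically. The following audit sketch is an added example, not part of the original document; it assumes UUCP logins are the passwd entries whose shell is uucico, and the sample accounts, hashes and the uid passed in are constructed.

```python
import os
import stat

# Constructed sample in /etc/passwd format; names and hashes are made up.
SAMPLE_PASSWD = """\
root:Ab1constructed:0:0:root:/:/bin/sh
uucp::5:5:UUCP admin:/usr/lib/uucp:/usr/lib/uucp/uucico
Uvenus:Cd2constructed:6:5:calls from venus:/usr/spool/uucppublic:/usr/lib/uucp/uucico
"""

def audit_passwd(passwd_text):
    """Flag UUCP logins (shell is uucico) that lack a password."""
    findings, logins = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or os.path.basename(fields[6]) != "uucico":
            continue  # malformed line or not a UUCP login
        logins.append(fields[0])
        if fields[1] == "":
            findings.append(f"{fields[0]}: empty password field")
    if len(logins) == 1:
        # Heuristic: passwd alone cannot show how many systems call in.
        findings.append(f"{logins[0]}: only uucico login; shared if several systems call")
    return findings

def audit_systems_file(path, uucp_uid):
    """Flag an L.sys/Systems file not owned by uucp or open to group/other."""
    st = os.stat(path)
    findings = []
    if st.st_uid != uucp_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {uucp_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings

if __name__ == "__main__":
    import tempfile
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f)
    # Stand-in Systems file; the current uid plays the role of uucp here.
    with tempfile.NamedTemporaryFile() as tmp:
        os.chmod(tmp.name, 0o644)
        for f in audit_systems_file(tmp.name, os.getuid()):
            print(f)
```

On a real host, pass the contents of /etc/passwd, the path to L.sys or Systems, and the uid of the uucp user.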
The following is a description of three main UUCP security
problems:
- Mail delivery to files can be used to corrupt
system databases or application programs. If a system
allows mail to be sent to a file, then the mailer is
insecure and the version of UUCP being used should be
disabled or upgraded to a current version.
- The UUCP system should not allow commands to be encapsulated in
addresses. If a system executes commands encapsulated in an address,
then the uux program is insecure and should be upgraded to a
current version.
John Barkley
Fri Oct 7 16:17:21 EDT 1994