Improve security and reliability #16

Manually merged
praetor merged 7 commits from jgoerzen/uucp:master into master 2019-10-27 02:08:44 +00:00
Contributor

This patch series does these things:

  • Blocks rmail by default. Based on conversations and experience, rmail is not being
    used on the tilde network. As it is, it is enabled by default, which means there is
    an open relay since anyone could run uux host!rmail.

  • Uses the stronger "restrict" keyword in authorized_keys

  • Pass the username in authorized_keys instead of having uucico read it (putting uucico -u in authorized_keys). This avoids a hole where the passwords are public, and thus any authorized system could impersonate any other authorized system once ssh'd in.

  • Document the proper permissions for files in /etc/uucp

  • Error detection in /etc/uucp

  • Support ssh on nonstandard ports

  • Prevent remote systems from requesting any file on the system. Local users can still transmit any file on the system to a remote.

Note: There are more entries in authorized_keys than in nodelist. I was unable to properly match all of them up with nodelist entries for the purposes of uucico -u. Someone should clean that up.

Note2: Since this changes the login chat, once it is merged and applied on nodes, nodes running the old pre-merge branch will need to re-run bootstrap to regain communications.
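
The following audit sketch is an added example, not part of the pull request or the project's code. It checks each authorized_keys entry for the `restrict` option and a forced `uucico -u <name>` command, and flags login names missing from the node list. The forced-command form, the `/usr/sbin/uucico` path, the node list as a plain set of names, and the sample entries are all assumptions made for illustration.

```python
import re
import shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options field
# One option: name, optional ="value" (sshd accepts \" inside the value), then a separator.
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|[ \t]+|$)')

def parse_options(line):
    """Return the options field of one authorized_keys line as {name: value}."""
    if line.startswith(KEY_TYPES):
        return {}
    opts, pos = {}, 0
    while (m := OPT.match(line, pos)):
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if m.group(3) != ",":            # whitespace ends the options field
            break
    return opts

def audit(text, nodelist):
    """Return (line_number, problem) pairs for entries that miss the hardening."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        if "restrict" not in opts:
            findings.append((n, "missing restrict"))
        argv = shlex.split(opts.get("command", ""))
        if not argv or not argv[0].endswith("uucico"):
            findings.append((n, "no forced uucico command"))
        elif "-u" not in argv[:-1]:
            findings.append((n, "uucico without -u <name>"))
        elif argv[argv.index("-u") + 1] not in nodelist:
            findings.append((n, "login name not in nodelist"))
    return findings

# Constructed sample: key blobs are placeholders, node names and paths are made up.
SAMPLE = """\
restrict,command="/usr/sbin/uucico -u alpha" ssh-ed25519 AAAA_PLACEHOLDER alpha
command="/usr/sbin/uucico -l",no-pty ssh-ed25519 AAAA_PLACEHOLDER beta
restrict,command="/usr/sbin/uucico -u gamma" ssh-ed25519 AAAA_PLACEHOLDER gamma
ssh-ed25519 AAAA_PLACEHOLDER delta
"""

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE, {"alpha", "beta"}):
        print(f"line {lineno}: {problem}")
```
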

Author
Contributor

Addresses issue #10

Owner

This looks great to me; thanks for the patch!

praetor was assigned by ben 2019-10-23 22:18:08 +00:00
praetor closed this pull request 2019-10-27 02:08:44 +00:00
Reference: tildeverse/uucp#16