Improve security and reliability #16
This patch series does these things:
Blocks rmail by default. Based on conversations and experience, rmail is not being used on the tilde network. As it is, it is enabled by default, which means there is an open relay since anyone could run uux host!rmail.
Uses the stronger "restrict" keyword in authorized_keys
Pass the username in authorized_keys instead of having uucico read it (putting uucico -u in authorized_keys). This avoids a hole where the passwords are public, and thus any authorized system could impersonate any other authorized system once ssh'd in.
Document the proper permissions for files in /etc/uucp
Error detection in /etc/uucp
Support ssh on nonstandard ports
Prevent remote systems from requesting any file on the system. Local users can still transmit any file on the system to a remote.
Note: There are more entries in authorized_keys than in nodelist. I was unable to properly match all of them up with nodelist entries for the purposes of uucico -u. Someone should clean that up.
Note2: Since this changes the login chat, once it is merged and applied on nodes, nodes running the old pre-merge branch will need to re-run bootstrap to regain communications.
Addresses issue #10
This looks great to me; thanks for the patch!
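An added example, not code from this pull request: a small audit of authorized_keys entries for the two properties the description names, the OpenSSH "restrict" option and a forced command that pins the login name with uucico -u. The sample entries, node names, key material and the /usr/sbin/uucico path are constructed assumptions.

```python
import os
import shlex
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

# Constructed sample; key material, node names and uucico path are placeholders.
SAMPLE = """\
restrict,command="/usr/sbin/uucico -u nodea" ssh-ed25519 AAAAPLACEHOLDERA nodea
command="/usr/sbin/uucico -u nodeb",no-pty ssh-ed25519 AAAAPLACEHOLDERB nodeb
restrict,command="/usr/sbin/uucico" ssh-ed25519 AAAAPLACEHOLDERC nodec
ssh-ed25519 AAAAPLACEHOLDERD noded
"""

def split_options(line):
    """Return the options field of one entry as a list, honouring quotes."""
    if line.startswith(KEY_TYPES):
        return []                       # entry has no options at all
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break                       # options end at first unquoted blank
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit(text):
    """Return (line_number, problem) for entries that are not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = {k.lower(): v for k, _, v in
                (o.partition("=") for o in split_options(line))}
        if "restrict" not in opts:
            findings.append((n, "missing restrict"))
        cmd = shlex.split(opts.get("command", ""))
        if not cmd or os.path.basename(cmd[0]) != "uucico":
            findings.append((n, "no forced uucico command"))
        elif "-u" not in cmd[1:-1]:     # -u must be followed by a name
            findings.append((n, "uucico without -u <name>"))
    return findings
```

Calling audit(SAMPLE) flags every constructed entry except the first, which is the only one that has both "restrict" and a login name pinned by the forced command.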