Since all the passwords are trivially guessable, it is easy for
any authorized system to impersonate any other authorized system
at present.
This patch prevents that by hardcoding the username into the uucico
call based on the authorized key from ssh. This causes the incoming
system to need to only present a password, hence the change to chat.
This change will break communication between nodes until all nodes
apply it.
Per the docs:
restrict
Enable all restrictions, i.e. disable port, agent and X11 forwarding,
as well as disabling PTY allocation and execution of ~/.ssh/rc. If
any future restriction capabilities are added to authorized_keys
files they will be included in this set.
The default set of authorized commands is "rnews rmail" per the Taylor
UUCP documentaiton. The way rmail works -- generally injecting a
message in such a way that the MTA sees it as originating locally --
can open up a UUCP node to unahtorized mail relay attacks. Since it
looks like rmail isn't being used across the Tilde UUCP right now,
just block it by default.
John Goerzen