This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
ftpd + Win98 = security hole
- To: cygwin at sourceware dot cygnus dot com
- Subject: ftpd + Win98 = security hole
- From: "Tom Weichmann" <tomcw at localnet dot com>
- Date: Tue, 23 May 2000 02:33:32 -0700
- Reply-to: tomcw at localnet dot com
I have noticed that when running ftpd from inetd, anyone can log in
via anonymous ftp. Usually the ftpd will chroot to /home/ftp for an
anonymous login, but under win98 chroot does not work. This
leaves user anonymous with read, write, execute, delete access to
your whole machine. I tried adding user ftp to /etc/ftpusers, but
this did not prevent the login. Is there any way to disable
anonymous logins via ftpd?
Thanks,
Tom Weichmann
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com