This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

RE: inetd security hole?


Hi Corinna,

Yesterday night (Tues, Aug 8, 2000) Robert Collins
improved my original version.  You might want to
consider merging this version during your next update.
Thanks.

"Please be aware that if you have created your
/etc/passwd via mkpasswd -l then you may have a
security hole. 

If your PC has 'Guest' enabled in order to allow shares
to certain directories on your W2K or NT box, your
passwd file contains an entry for Guest that will allow
anyone to ftp, telnet, etc. to your machine simply by
using user guest and pressing enter for the password.
One solution is to disable the Guest account via User
Manager (NT) or Control Panel - Users and passwords
(W2K), the other is to delete the Guest entry in
/etc/passwd. 

This problem is a weakness in Windows, not Cygwin." 

Bob Heckel


> Thanks, I have checked that into the README with slight
> changes to mention anonymous ftp in that context. 
> 
> However, I will upload another version of inetutils
> this week since 
> I found a problem with anonymous ftp. 
> 
> Corinna





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]