This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: inetd security issues


What are some measures we can use to avoid someone hacking the
administrator login? Change the administrator account to something
obscure? Is there logging for rlogin and telnet sessions?

-Todd

On Tue, Jul 10, 2001 at 06:07:15PM +0200, Corinna Vinschen wrote:
> On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> > Hi!
> > 
> > Tuesday, 10 July, 2001 Corinna Vinschen cygwin@cygwin.com wrote:
> > 
> > CV> Using Cygwin is not secure at all. If you or your admin has
> > CV> honest security concerns don't open up the system by providing
> > CV> services via inetd
> > 
> > actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> > inetutils. do anybody?
> 
> One wide open security hole is already the usage of rlogin and telnet
> as administrator due to the transmission of unencrypted passwords.
> That's not exactly what you're talking of but it's the most obvious
> and the most ignored fact.
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                                mailto:cygwin@cygwin.com
> Red Hat, Inc.
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]