This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
RE: inetd security hole?
- To: cygwin at sources dot redhat dot com
- Subject: RE: inetd security hole?
- From: Bob Heckel <BHeckel at excite dot com>
- Date: Wed, 9 Aug 2000 16:54:30 -0700 (PDT)
- Cc: robert dot collins at itdomain dot com dot au
- Reply-To: <bheckel at excite dot com>
Hi Corinna,
Yesterday night (Tues, Aug 8, 2000) Robert Collins
improved my original version. You might want to
consider merging this version during your next update.
Thanks.
"Please be aware that if you have created your
/etc/passwd via mkpasswd -l then you may have a
security hole.
If your PC has 'Guest' enabled in order to allow shares
to certain directories on your W2K or NT box, your
passwd file contains an entry for Guest that will allow
anyone to ftp, telnet, etc. to your machine simply by
using user guest and pressing enter for the password.
One solution is to disable the Guest account via User
Manager (NT) or Control Panel - Users and passwords
(W2K), the other is to delete the Guest entry in
/etc/passwd.
This problem is a weakness in Windows, not Cygwin."
Bob Heckel
> Thanks, I have checked that into the README with slight
> changes to mention anonymous ftp in that context.
>
> However, I will upload another version of inetutils
> this week since
> I found a problem with anonymous ftp.
>
> Corinna
_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com