This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: inetd security hole?
- To: bheckel at excite dot com
- Subject: Re: inetd security hole?
- From: Corinna Vinschen <vinschen at cygnus dot com>
- Date: Wed, 09 Aug 2000 12:27:26 +0200
- CC: cygwin at sources dot redhat dot com
- References: <12793451.965784621742.JavaMail.imail@neon.excite.com>
- Reply-To: cygwin <cygwin at sources dot redhat dot com>
Bob Heckel wrote:
>
> I should have suggested that myself. How does this blurb
> sound (particularly directed to anyone who has experienced
> this issue and Corinna)?
>
> "Please be aware that if you have created your /etc/passwd
> via mkpasswd -l then you may have a security hole.
>
> If your PC has "Guest" enabled in order to allow shares to
> certain directories on your W2K or NT box, your passwd file
> contains an entry for Guest that will allow anyone to ftp,
> telnet, etc. to your machine simply by using user guest and
> pressing enter for the password. One solution is to
> eliminate the Guest account via Control Panel, the other is
> to delete the Guest entry in /etc/passwd.
>
> This problem is a weakness in Windows, not Cygwin."
Thanks, I have checked that into the README with slight changes
to mention anonymous ftp in that context.
However, I will upload another version of inetutils this week since
I found a problem with anonymous ftp.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com