This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: inetd security hole?
- To: cygwin at sources dot redhat dot com
- Subject: Re: inetd security hole?
- From: Chris Faylor <cgf at cygnus dot com>
- Date: Tue, 8 Aug 2000 21:32:17 -0400
- References: <12793451.965784621742.JavaMail.imail@neon.excite.com>
- Reply-To: cygwin at sources dot redhat dot com
On Tue, Aug 08, 2000 at 06:30:20PM -0700, Bob Heckel wrote:
>I should have suggested that myself. How does this blurb
>sound (particularly directed to anyone who has experienced
>this issue and Corinna)?
>
>"Please be aware that if you have created your /etc/passwd
>via mkpasswd -l then you may have a security hole.
>
>If your PC has "Guest" enabled in order to allow shares to
>certain directories on your W2K or NT box, your passwd file
>contains an entry for Guest that will allow anyone to ftp,
>telnet, etc. to your machine simply by using user guest and
>pressing enter for the password. One solution is to
>eliminate the Guest account via Control Panel, the other is
>to delete the Guest entry in /etc/passwd.
>
>This problem is a weakness in Windows, not Cygwin."
That sounds perfect to me, but I'll let Corinna be the final
judge.
Thanks!
cgf
>On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote:
>
>>Perhaps you would like to contribute some wording for the inetd
>>documentation
>>which describes the problem.
>
>
>
>
>
>_______________________________________________________
>Say Bye to Slow Internet!
>http://www.home.com/xinbox/signup.html
>
>
>--
>Want to unsubscribe from this list?
>Send a message to cygwin-unsubscribe@sourceware.cygnus.com
--
cgf@cygnus.com Cygnus Solutions, a Red Hat company
http://sourceware.cygnus.com/ http://www.redhat.com/
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com