This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
inetd security issues
- To: cygwin at cygwin dot com
- Subject: inetd security issues
- From: Carl Masens <carl at msti dot com dot au>
- Date: Tue, 10 Jul 2001 21:40:53 +1000
In wanting to run the inetd ftp server on my cygwin/win2k box I have had
the following exchange with my admin:
me:
What have I got installed (I hear you thinking)? I have installed Cygwin
(http://www.cygwin.com) and run the inetd application, having removed all
entries but specific user accounts from /etc/passwd except the SYSTEM and
ADMINISTRATORS.
admin:
Seeing as you're using inetd, I presume it leaves ports open for access?
Which ports are open? This is more relevant that enabling or disabling user
accounts, as most attacks involve vulnerabilities in software listening on
a particular port. How open to buffer overruns is Cygwin? What I'm getting
at is will a buffer overrun just crash the program/API/OS or will it allow
code to be executed locally as SYSTEM or ADMINISTRATOR?
so, can anyone answer these questions from my admin?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/