This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: inetd security issues

To: cygwin <cygwin at cygwin dot com>
Subject: Re: inetd security issues
From: Corinna Vinschen <cygwin at cygwin dot com>
Date: Tue, 10 Jul 2001 18:07:15 +0200
References: <5.0.2.1.0.20010710214050.00ad6308@mail.sprintsoft.com> <20010710172216.S8578@cygbert.vinschen.de> <13097881035.20010710192940@logos-m.ru>

On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> Hi!
> 
> Tuesday, 10 July, 2001 Corinna Vinschen cygwin@cygwin.com wrote:
> 
> CV> Using Cygwin is not secure at all. If you or your admin has
> CV> honest security concerns don't open up the system by providing
> CV> services via inetd
> 
> actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> inetutils. do anybody?

One wide open security hole is already the usage of rlogin and telnet
as administrator due to the transmission of unencrypted passwords.
That's not exactly what you're talking of but it's the most obvious
and the most ignored fact.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: inetd security issues
  - From: tplesco

References:
- inetd security issues
  - From: Carl Masens
- Re: inetd security issues
  - From: Corinna Vinschen
- Re: inetd security issues
  - From: egor duda

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]