This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
security with the ftp daemon
- From: "Dylan Cuthbert" <dylan at q-games dot com>
- To: <cygwin at cygwin dot com>
- Date: Mon, 21 Jan 2002 14:51:29 +0900
- Subject: security with the ftp daemon
Hi there,
I've set up the ftp server with inetutils on win2k, but I get a strange
security hole.
I've set permissions so that only "Administrators" can access the cygwin
directories. The home directories are only accessible by their respective
users and /bin is Everyone and read-only.
However, after setting this up and rebooting the machine once, if I ftp in
as a regular user I can access all the administrator priviledge directories
(in read/write mode!) with no problem at all. Is this a known problem and
is there a way to get it to work securely? Surely the ftp daemon should
switch its user to the id of the person logging in?
Regards
---------------------------------
Q-Games, Dylan Cuthbert.
http://www.q-games.com
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/