inetd security hole?
Corinna Vinschen
vinschen@cygnus.com
Wed Aug 9 03:27:00 GMT 2000
Bob Heckel wrote:
>
> I should have suggested that myself. How does this blurb
> sound (particularly directed to anyone who has experienced
> this issue and Corinna)?
>
> "Please be aware that if you have created your /etc/passwd
> via mkpasswd -l then you may have a security hole.
>
> If your PC has "Guest" enabled in order to allow shares to
> certain directories on your W2K or NT box, your passwd file
> contains an entry for Guest that will allow anyone to ftp,
> telnet, etc. to your machine simply by using user guest and
> pressing enter for the password. One solution is to
> eliminate the Guest account via Control Panel, the other is
> to delete the Guest entry in /etc/passwd.
>
> This problem is a weakness in Windows, not Cygwin."
Thanks, I have checked that into the README with slight changes
to mention anonymous ftp in that context.
However, I will upload another version of inetutils this week since
I found a problem with anonymous ftp.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com
More information about the Cygwin
mailing list