inetd security issues
tplesco
tod@megachump.com
Tue Jul 10 09:28:00 GMT 2001
What are some measures we can use to avoid someone hacking the
administrator login? Change the administrator account to something
obscure? Is there logging for rlogin and telnet sessions?
-Todd
On Tue, Jul 10, 2001 at 06:07:15PM +0200, Corinna Vinschen wrote:
> On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> > Hi!
> >
> > Tuesday, 10 July, 2001 Corinna Vinschen cygwin@cygwin.com wrote:
> >
> > CV> Using Cygwin is not secure at all. If you or your admin has
> > CV> honest security concerns don't open up the system by providing
> > CV> services via inetd
> >
> > actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> > inetutils. do anybody?
>
> One wide open security hole is already the usage of rlogin and telnet
> as administrator due to the transmission of unencrypted passwords.
> That's not exactly what you're talking of but it's the most obvious
> and the most ignored fact.
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:cygwin@cygwin.com
> Red Hat, Inc.
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list