| delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com> |
| List-Archive: | <http://sourceware.cygnus.com/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT sourceware DOT cygnus DOT com> |
| List-Help: | <mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs> |
| Sender: | cygwin-owner AT sourceware DOT cygnus DOT com |
| Delivered-To: | mailing list cygwin AT sourceware DOT cygnus DOT com |
| From: | "Tom Weichmann" <tomcw AT localnet DOT com> |
| To: | cygwin AT sourceware DOT cygnus DOT com |
| Date: | Tue, 23 May 2000 02:33:32 -0700 |
| MIME-Version: | 1.0 |
| Subject: | ftpd + Win98 = security hole |
| Reply-to: | tomcw AT localnet DOT com |
| Message-ID: | <3929EDFC.8762.9BB92E@localhost> |
| X-mailer: | Pegasus Mail for Win32 (v3.12c) |
I have noticed that when running ftpd from inetd, anyone can log in via anonymous ftp. Usually the ftpd will chroot to /home/ftp for an anonymous login, but under win98 chroot does not work. This leaves user anonymous with read, write, execute, delete access to your whole machine. I tried adding user ftp to /etc/ftpusers, but this did not prevent the login. Is there any way to disable anonymous logins via ftpd? Thanks, Tom Weichmann -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |