Mail Archives: cygwin/2000/05/23/04:51:07

Message-ID: <392A4340.72F8B9E2@vinschen.de>
Date: Tue, 23 May 2000 10:37:20 +0200
From: Corinna Vinschen <corinna AT vinschen DOT de>
Reply-To: cygwin <cygwin AT sourceware DOT cygnus DOT com>
To: tomcw AT localnet DOT com
CC: cygwin AT sourceware DOT cygnus DOT com
Subject: Re: ftpd + Win98 = security hole
References: <3929EDFC DOT 8762 DOT 9BB92E AT localhost>

Tom Weichmann wrote:
> I have noticed that when running ftpd from inetd, anyone can log in
> via anonymous ftp.  Usually the ftpd will chroot to /home/ftp for an
> anonymous login, but under win98 chroot does not work.  This
> leaves user anonymous with read, write, execute, delete access to
> your whole machine.  I tried adding user ftp to /etc/ftpusers, but
> this did not prevent the login.  Is there any way to disable
> anonymous logins via ftpd?

I have just checked that on a W2K and a W98 system. /etc/ftpusers
does actually prevent login.

I have checked out another situation: If you have binary mounts
and your ftpusers file has DOS line endings (\r\n) ftpd is
unable to prevent logins via ftpusers. That's the only possible
reason I can see, so I suggest checking your ftpusers line endings.

I will change that in the next release of inetutils so that
such configuration files are always opened in text mode. Then
you may have both styles of line endings regardless of the
mount mode.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
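
Added example, not part of the original message and not inetutils code: a minimal deny-list matcher showing why an ftpusers file with DOS line endings, read without line-ending translation, silently fails to block a user. The function names and sample lists are constructed for illustration; the tolerant variant strips the trailing carriage return itself, which is a different technique from the text-mode open announced in the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: one deny list with LF endings, one with DOS CRLF. */
static const char FTPUSERS_LF[]   = "# denied\nroot\nftp\nanonymous\n";
static const char FTPUSERS_CRLF[] = "# denied\r\nroot\r\nftp\r\nanonymous\r\n";

/* Copy the next line, without its '\n', into buf; return 0 at end of input. */
static int next_line(const char **cur, char *buf, size_t buflen)
{
    size_t len = strcspn(*cur, "\n"), n = len < buflen - 1 ? len : buflen - 1;
    if (**cur == '\0')
        return 0;
    memcpy(buf, *cur, n);
    buf[n] = '\0';
    *cur += len + ((*cur)[len] == '\n');   /* step past the newline, if any */
    return 1;
}

/* Naive check: only '\n' is removed, so a CRLF entry is "ftp\r", not "ftp". */
int denied_naive(const char *list, const char *user)
{
    char line[128];
    while (next_line(&list, line, sizeof line))
        if (line[0] != '#' && strcmp(line, user) == 0)
            return 1;
    return 0;
}

/* Tolerant check: trailing CR, space and tab are dropped before comparing. */
int denied_tolerant(const char *list, const char *user)
{
    char line[128];
    while (next_line(&list, line, sizeof line)) {
        size_t n = strlen(line);
        while (n > 0 && strchr("\r \t", line[n - 1]) != NULL)
            line[--n] = '\0';
        if (n > 0 && line[0] != '#' && strcmp(line, user) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    printf("CRLF list, naive:    ftp denied = %d\n", denied_naive(FTPUSERS_CRLF, "ftp"));
    printf("CRLF list, tolerant: ftp denied = %d\n", denied_tolerant(FTPUSERS_CRLF, "ftp"));
    return 0;
}
```

The naive matcher fails open: every entry in the CRLF list carries an invisible trailing `\r`, so no user name ever matches and the deny list blocks nobody.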
