Mail Archives: cygwin/2000/08/09/10:08:15

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2000/08/09/10:08:15

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT sources DOT redhat DOT com>

List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT sources DOT redhat DOT com

Delivered-To: mailing list cygwin AT sources DOT redhat DOT com

Message-ID: <3991320E.3956D89D@cygnus.com>

Date: Wed, 09 Aug 2000 12:27:26 +0200

From: Corinna Vinschen <vinschen AT cygnus DOT com>

Reply-To: cygwin <cygwin AT sources DOT redhat DOT com>

X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686)

X-Accept-Language: de, en

MIME-Version: 1.0

To: bheckel AT excite DOT com

CC: cygwin AT sources DOT redhat DOT com

Subject: Re: inetd security hole?

References: <12793451 DOT 965784621742 DOT JavaMail DOT imail AT neon DOT excite DOT com>

Bob Heckel wrote:
> 
> I should have suggested that myself.  How does this blurb
> sound (particularly directed to anyone who has experienced
> this issue and Corinna)?
> 
> "Please be aware that if you have created your /etc/passwd
> via mkpasswd -l then you may have a security hole.
> 
> If your PC has "Guest" enabled in order to allow shares to
> certain directories on your W2K or NT box, your passwd file
> contains an entry for Guest that will allow anyone to ftp,
> telnet, etc. to your machine simply by using user guest and
> pressing enter for the password.  One solution is to
> eliminate the Guest account via Control Panel, the other is
> to delete the Guest entry in /etc/passwd.
> 
> This problem is a weakness in Windows, not Cygwin."

Thanks, I have checked that into the README with slight changes
to mention anonymous ftp in that context.

However, I will upload another version of inetutils this week since
I found a problem with anonymous ftp.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin AT sources DOT redhat DOT com
Red Hat, Inc.
mailto:vinschen AT cygnus DOT com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Message-ID:	<3991320E.3956D89D@cygnus.com>
Date:	Wed, 09 Aug 2000 12:27:26 +0200
From:	Corinna Vinschen <vinschen AT cygnus DOT com>
Reply-To:	cygwin <cygwin AT sources DOT redhat DOT com>
X-Mailer:	Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686)
X-Accept-Language:	de, en
MIME-Version:	1.0
To:	bheckel AT excite DOT com
CC:	cygwin AT sources DOT redhat DOT com
Subject:	Re: inetd security hole?
References:	<12793451 DOT 965784621742 DOT JavaMail DOT imail AT neon DOT excite DOT com>