Mail Archives: cygwin/2001/07/10/12:29:20

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2001/07/10/12:29:20

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT sources DOT redhat DOT com>

List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT sources DOT redhat DOT com

Delivered-To: mailing list cygwin AT sources DOT redhat DOT com

Date: Tue, 10 Jul 2001 09:29:47 -0700

From: tplesco <tod AT megachump DOT com>

To: cygwin <cygwin AT cygwin DOT com>

Subject: Re: inetd security issues

Message-ID: <20010710092947.A1008@megachump.com>

References: <5 DOT 0 DOT 2 DOT 1 DOT 0 DOT 20010710214050 DOT 00ad6308 AT mail DOT sprintsoft DOT com> <20010710172216 DOT S8578 AT cygbert DOT vinschen DOT de> <13097881035 DOT 20010710192940 AT logos-m DOT ru> <20010710180715 DOT U8578 AT cygbert DOT vinschen DOT de>

Mime-Version: 1.0

User-Agent: Mutt/1.2.5i

In-Reply-To: <20010710180715.U8578@cygbert.vinschen.de>; from cygwin@cygwin.com on Tue, Jul 10, 2001 at 06:07:15PM +0200

Organization: MC Studios

What are some measures we can use to avoid someone hacking the
administrator login? Change the administrator account to something
obscure? Is there logging for rlogin and telnet sessions?

-Todd

On Tue, Jul 10, 2001 at 06:07:15PM +0200, Corinna Vinschen wrote:
> On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> > Hi!
> > 
> > Tuesday, 10 July, 2001 Corinna Vinschen cygwin AT cygwin DOT com wrote:
> > 
> > CV> Using Cygwin is not secure at all. If you or your admin has
> > CV> honest security concerns don't open up the system by providing
> > CV> services via inetd
> > 
> > actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> > inetutils. do anybody?
> 
> One wide open security hole is already the usage of rlogin and telnet
> as administrator due to the transmission of unencrypted passwords.
> That's not exactly what you're talking of but it's the most obvious
> and the most ignored fact.
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                                mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Date:	Tue, 10 Jul 2001 09:29:47 -0700
From:	tplesco <tod AT megachump DOT com>
To:	cygwin <cygwin AT cygwin DOT com>
Subject:	Re: inetd security issues
Message-ID:	<20010710092947.A1008@megachump.com>
References:	<5 DOT 0 DOT 2 DOT 1 DOT 0 DOT 20010710214050 DOT 00ad6308 AT mail DOT sprintsoft DOT com> <20010710172216 DOT S8578 AT cygbert DOT vinschen DOT de> <13097881035 DOT 20010710192940 AT logos-m DOT ru> <20010710180715 DOT U8578 AT cygbert DOT vinschen DOT de>
Mime-Version:	1.0
User-Agent:	Mutt/1.2.5i
In-Reply-To:	<20010710180715.U8578@cygbert.vinschen.de>; from cygwin@cygwin.com on Tue, Jul 10, 2001 at 06:07:15PM +0200
Organization:	MC Studios