Mail Archives: cygwin/2001/12/08/06:28:30

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 8 Dec 2001 12:23:34 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: "'cygwin AT cygwin DOT com'" <cygwin AT cygwin DOT com>
Subject: Re: bash/rlogin can get user id different from NT login.
Message-ID: <20011208122334.X740@cygbert.vinschen.de>
Mail-Followup-To: "'cygwin AT cygwin DOT com'" <cygwin AT cygwin DOT com>
References: <04CAD2CF7C2CD51199C7009027AD078B8D0283 AT ev003msxaege DOT ae DOT ge DOT com>
Mime-Version: 1.0
User-Agent: Mutt/1.2.5i
In-Reply-To: <04CAD2CF7C2CD51199C7009027AD078B8D0283@ev003msxaege.ae.ge.com>; from bob.fletcher@ae.ge.com on Fri, Dec 07, 2001 at 05:20:58PM -0500

On Fri, Dec 07, 2001 at 05:20:58PM -0500, Fletcher, Bob (GEAE, EB&TS) wrote:
> Hello,
> 	Consider the following  passwd under cygwin: (1.3.)
> 
> user1:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User One:/home/user1:/bin/bash
> user2:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User Two:/home/user2:/bin/bash
> 
> 	Note that user1 and user2 have the same UID. (!)
> If I log in to W2000 as user2, and start bash, it thinks that I am user1.
> If user1 was silly enough to 
> 
> myhostname  user1     
>      or god forbid 
> + user1 
> 
> in a Unix .rhosts file, I will have access to that account. 

That's a problem of rhosts authentication.  It's a wide open
security leak.  Better use ssh with password or pubkey authentication.

> 
> I suppose that the simple answer is "don't do that!". You have to keep
                                       ^^^^^^^^^^^^^^
				       Yep.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
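
An added example, not part of the original thread: a small audit that lists UIDs shared by more than one passwd entry, shows which name such a UID resolves to, and flags `+` wildcard lines in an rhosts file. The function names, the `user3` entry and the sample files are constructed for illustration, and the first-match lookup order is an assumption that matches the behaviour described in the quoted post.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# dup_uids FILE: print "UID: name1,name2" for each UID used by several accounts.
dup_uids() {
    awk -F: '
        /^#/ || NF < 7 { next }
        { n[$3]++; names[$3] = (n[$3] > 1 ? names[$3] "," : "") $1 }
        END { for (u in n) if (n[u] > 1) print u ": " names[u] }
    ' "$1" | sort
}

# name_for_uid FILE UID: print the first account name that carries UID.
# Assumption: a lookup by UID returns the first matching line in the file.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# wildcard_rhosts FILE: print entries whose host or user field is "+".
# Every rhosts entry trusts the username the client claims; "+" widens that.
wildcard_rhosts() {
    awk 'NF == 0 || $1 ~ /^#/ { next } $1 == "+" || $2 == "+"' "$1"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
user1:unused:1001:513:User One:/home/user1:/bin/bash
user2:unused:1001:513:User Two:/home/user2:/bin/bash
user3:unused:1002:513:User Three:/home/user3:/bin/bash
EOF
cat > "$SAMPLE_DIR/rhosts" <<'EOF'
# constructed .rhosts
myhostname user1
+ user1
EOF

echo "Shared UIDs:";           dup_uids "$SAMPLE_DIR/passwd"
echo "UID 1001 resolves to:";  name_for_uid "$SAMPLE_DIR/passwd" 1001
echo "Wildcard rhosts lines:"; wildcard_rhosts "$SAMPLE_DIR/rhosts"
```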
