Mail Archives: cygwin/2002/01/21/20:18:08
Thanks, you were right, I regenerated the groups file and it returned to
being secure again - it seems a bit dangerous to default to admins group,
maybe better if it defaults to guest or something along those lines?
Regards
---------------------------------
Q-Games, Dylan Cuthbert.
http://www.q-games.com
----- Original Message -----
From: "Corinna Vinschen" <cygwin AT cygwin DOT com>
To: <cygwin AT cygwin DOT com>
Sent: Monday, January 21, 2002 6:39 PM
Subject: Re: security with the ftp daemon
> On Mon, Jan 21, 2002 at 02:51:29PM +0900, Dylan Cuthbert wrote:
> > Hi there,
> >
> > I've set up the ftp server with inetutils on win2k, but I get a strange
> > security hole.
> >
> > I've set permissions so that only "Administrators" can access the cygwin
> > directories. The home directories are only accessible by their
respective
> > users and /bin is Everyone and read-only.
> >
> > However, after setting this up and rebooting the machine once, if I ftp
in
> > as a regular user I can access all the administrator priviledge
directories
> > (in read/write mode!) with no problem at all. Is this a known problem
and
> > is there a way to get it to work securely? Surely the ftp daemon should
> > switch its user to the id of the person logging in?
>
> Check if your /etc/group is setup correctly. If the group of
> the user doesn't exist, setgid() falls back to the admins group
> currently.
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -