Mailing-List: contact cygwin-help@sourceware.cygnus.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@sourceware.cygnus.com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>
List-Post: <mailto:cygwin@sourceware.cygnus.com>
List-Help: <mailto:cygwin-help@sourceware.cygnus.com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-owner@sourceware.cygnus.com
Delivered-To: mailing list cygwin@sourceware.cygnus.com
From: "Tom Weichmann" <tomcw@localnet.com>
To: cygwin <cygwin@sourceware.cygnus.com>
Date: Tue, 23 May 2000 12:57:46 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ftpd + Win98 = security hole
Reply-to: tomcw@localnet.com
Message-ID: <392A804A.30280.111411@localhost>
In-reply-to: <392A4340.72F8B9E2@vinschen.de>
X-mailer: Pegasus Mail for Win32 (v3.12c)

Corinna,

> I have just checked that on a W2K and a W98 system. /etc/ftpusers does
> actually prevent login.

> I have checked out another situation: If you have binary mounts
> and your ftpusers file has DOS line endings (\r\n) ftpd is
> unable to prevent logins via ftpusers. That's the only possible
> reason I can see so I suggest to check your ftpusers line endings.
> 
> I will change that in the next release of inetutils so that
> such configuration files are always opened in textmode. Then
> you may have both styles of line endings regardless of the
> mount mode.

All of my mounts are binary mounts, so that should not be the 
problem.  For some reason /etc/ftpusers will not prevent the login.  
I moved ftpusers to /usr/local/etc/ftpusers, and this did the trick.  

Thanks,

Tom Weichmann

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com