Mailing-List: contact cygwin-help@sourceware.cygnus.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@sources.redhat.com>
List-Help: <mailto:cygwin-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@sources.redhat.com
Delivered-To: mailing list cygwin@sources.redhat.com
From: Chris Faylor <cgf@cygnus.com>
Date: Tue, 8 Aug 2000 21:32:17 -0400
To: cygwin@sources.redhat.com
Subject: Re: inetd security hole?
Message-ID: <20000808213217.A25642@cygnus.com>
Reply-To: cygwin@sources.redhat.com
Mail-Followup-To: cygwin@sources.redhat.com
References: <12793451.965784621742.JavaMail.imail@neon.excite.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.6i
In-Reply-To: <12793451.965784621742.JavaMail.imail@neon.excite.com>; from BHeckel@excite.com on Tue, Aug 08, 2000 at 06:30:20PM -0700

On Tue, Aug 08, 2000 at 06:30:20PM -0700, Bob Heckel wrote:
>I should have suggested that myself.  How does this blurb
>sound (particularly directed to anyone who has experienced
>this issue and Corinna)?
>
>"Please be aware that if you have created your /etc/passwd
>via mkpasswd -l then you may have a security hole.
>
>If your PC has "Guest" enabled in order to allow shares to
>certain directories on your W2K or NT box, your passwd file
>contains an entry for Guest that will allow anyone to ftp,
>telnet, etc. to your machine simply by using user guest and
>pressing enter for the password.  One solution is to
>eliminate the Guest account via Control Panel, the other is
>to delete the Guest entry in /etc/passwd.
>
>This problem is a weakness in Windows, not Cygwin."

That sounds perfect to me, but I'll let Corinna be the final
judge.

Thanks!

cgf

>On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote:
>
>>Perhaps you would like to contribute some wording for the inetd
>>documentation
>>which describes the problem.
>
>
>
>
>
>_______________________________________________________
>Say Bye to Slow Internet!
>http://www.home.com/xinbox/signup.html
>
>
>--
>Want to unsubscribe from this list?
>Send a message to cygwin-unsubscribe@sourceware.cygnus.com

-- 
cgf@cygnus.com                        Cygnus Solutions, a Red Hat company
http://sourceware.cygnus.com/         http://www.redhat.com/

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com