Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com From: "Tom Weichmann" To: cygwin AT sourceware DOT cygnus DOT com Date: Tue, 23 May 2000 02:33:32 -0700 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: ftpd + Win98 = security hole Reply-to: tomcw AT localnet DOT com Message-ID: <3929EDFC.8762.9BB92E@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) I have noticed that when running ftpd from inetd, anyone can log in via anonymous ftp. Usually the ftpd will chroot to /home/ftp for an anonymous login, but under win98 chroot does not work. This leaves user anonymous with read, write, execute, delete access to your whole machine. I tried adding user ftp to /etc/ftpusers, but this did not prevent the login. Is there any way to disable anonymous logins via ftpd? Thanks, Tom Weichmann -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com