Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help: <mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
From: "Tom Weichmann" <tomcw AT localnet DOT com>
To: cygwin AT sourceware DOT cygnus DOT com
Date: Tue, 23 May 2000 02:33:32 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: ftpd + Win98 = security hole
Reply-to: tomcw AT localnet DOT com
Message-ID: <3929EDFC.8762.9BB92E@localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)

I have noticed that when running ftpd from inetd, anyone can log in 
via anonymous ftp.  Usually the ftpd will chroot to /home/ftp for an 
anonymous login, but under win98 chroot does not work.  This 
leaves user anonymous with read, write, execute, delete access to 
your whole machine.  I tried adding user ftp to /etc/ftpusers, but 
this did not prevent the login.  Is there any way to disable 
anonymous logins via ftpd?

Thanks,

Tom Weichmann

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com