Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <13013671.965751302190.JavaMail.imail@neon.excite.com>
Date: Tue, 8 Aug 2000 09:15:01 -0700 (PDT)
From: Bob Heckel <BHeckel AT excite DOT com>
Reply-To: <bheckel AT excite DOT com>
To: Robert Collins <robert DOT collins AT itdomain DOT com DOT au>, cygwin AT sources DOT redhat DOT com
Subject: Re: inetd security hole?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Excite Inbox
X-Sender-Ip: 202.252.212.40

Thanks for the suggestion, Rob but I still need the Guest account to allow
anonymous NT shares (for my non-Cygwin enlightened coworkers) to certain
directories on my W2K box.  I'll just leave Guest out of /etc/passwd for
now.

The thing that worried me originally was that "dropbox" shares are common on
Windoze machines and I only discovered the hole by accident.  Unfortunately
the inetd documentation doesn't mention the issue.

Bob Heckel
p.s. Thanks also to Dave for your comments.

On Tue, 8 Aug 2000 08:23:57 +1000, Robert Collins wrote:

>  I agree that this is a NT feature.. in fact the guest account can be
>  renamed, or disabled. Bob - if you disable the guest account on your
>  machine, cygwin shouldn't be able to login you whether or not guest is
>  listed in /etc/passwd.
>  
>  Rob





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com