Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <3991320E.3956D89D@cygnus.com> Date: Wed, 09 Aug 2000 12:27:26 +0200 From: Corinna Vinschen Reply-To: cygwin X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686) X-Accept-Language: de, en MIME-Version: 1.0 To: bheckel AT excite DOT com CC: cygwin AT sources DOT redhat DOT com Subject: Re: inetd security hole? References: <12793451 DOT 965784621742 DOT JavaMail DOT imail AT neon DOT excite DOT com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Bob Heckel wrote: > > I should have suggested that myself. How does this blurb > sound (particularly directed to anyone who has experienced > this issue and Corinna)? > > "Please be aware that if you have created your /etc/passwd > via mkpasswd -l then you may have a security hole. > > If your PC has "Guest" enabled in order to allow shares to > certain directories on your W2K or NT box, your passwd file > contains an entry for Guest that will allow anyone to ftp, > telnet, etc. to your machine simply by using user guest and > pressing enter for the password. One solution is to > eliminate the Guest account via Control Panel, the other is > to delete the Guest entry in /etc/passwd. > > This problem is a weakness in Windows, not Cygwin." Thanks, I have checked that into the README with slight changes to mention anonymous ftp in that context. However, I will upload another version of inetutils this week since I found a problem with anonymous ftp. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT sources DOT redhat DOT com Red Hat, Inc. mailto:vinschen AT cygnus DOT com -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com