Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <12793451.965784621742.JavaMail.imail@neon.excite.com>
Date: Tue, 8 Aug 2000 18:30:20 -0700 (PDT)
From: Bob Heckel <BHeckel AT excite DOT com>
Reply-To: <bheckel AT excite DOT com>
To: cygwin AT sources DOT redhat DOT com
Subject: Re: inetd security hole?
Cc: vinschen AT cygnus DOT com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Excite Inbox
X-Sender-Ip: 165.247.159.164

I should have suggested that myself.  How does this blurb
sound (particularly directed to anyone who has experienced
this issue and Corinna)?

"Please be aware that if you have created your /etc/passwd
via mkpasswd -l then you may have a security hole.

If your PC has "Guest" enabled in order to allow shares to
certain directories on your W2K or NT box, your passwd file
contains an entry for Guest that will allow anyone to ftp,
telnet, etc. to your machine simply by using user guest and
pressing enter for the password.  One solution is to
eliminate the Guest account via Control Panel, the other is
to delete the Guest entry in /etc/passwd.

This problem is a weakness in Windows, not Cygwin."

Bob Heckel


On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote:

>Perhaps you would like to contribute some wording for the inetd
>documentation
>which describes the problem.





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com