Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com From: Chris Faylor Date: Tue, 8 Aug 2000 21:32:17 -0400 To: cygwin AT sources DOT redhat DOT com Subject: Re: inetd security hole? Message-ID: <20000808213217.A25642@cygnus.com> Reply-To: cygwin AT sources DOT redhat DOT com Mail-Followup-To: cygwin AT sources DOT redhat DOT com References: <12793451 DOT 965784621742 DOT JavaMail DOT imail AT neon DOT excite DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.6i In-Reply-To: <12793451.965784621742.JavaMail.imail@neon.excite.com>; from BHeckel@excite.com on Tue, Aug 08, 2000 at 06:30:20PM -0700 On Tue, Aug 08, 2000 at 06:30:20PM -0700, Bob Heckel wrote: >I should have suggested that myself. How does this blurb >sound (particularly directed to anyone who has experienced >this issue and Corinna)? > >"Please be aware that if you have created your /etc/passwd >via mkpasswd -l then you may have a security hole. > >If your PC has "Guest" enabled in order to allow shares to >certain directories on your W2K or NT box, your passwd file >contains an entry for Guest that will allow anyone to ftp, >telnet, etc. to your machine simply by using user guest and >pressing enter for the password. One solution is to >eliminate the Guest account via Control Panel, the other is >to delete the Guest entry in /etc/passwd. > >This problem is a weakness in Windows, not Cygwin." That sounds perfect to me, but I'll let Corinna be the final judge. Thanks! cgf >On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote: > >>Perhaps you would like to contribute some wording for the inetd >>documentation >>which describes the problem. > > > > > >_______________________________________________________ >Say Bye to Slow Internet! >http://www.home.com/xinbox/signup.html > > >-- >Want to unsubscribe from this list? >Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com -- cgf AT cygnus DOT com Cygnus Solutions, a Red Hat company http://sourceware.cygnus.com/ http://www.redhat.com/ -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com