Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
From: Chris Faylor <cgf AT cygnus DOT com>
Date: Tue, 8 Aug 2000 21:32:17 -0400
To: cygwin AT sources DOT redhat DOT com
Subject: Re: inetd security hole?
Message-ID: <20000808213217.A25642@cygnus.com>
Reply-To: cygwin AT sources DOT redhat DOT com
Mail-Followup-To: cygwin AT sources DOT redhat DOT com
References: <12793451 DOT 965784621742 DOT JavaMail DOT imail AT neon DOT excite DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.6i
In-Reply-To: <12793451.965784621742.JavaMail.imail@neon.excite.com>; from BHeckel@excite.com on Tue, Aug 08, 2000 at 06:30:20PM -0700

On Tue, Aug 08, 2000 at 06:30:20PM -0700, Bob Heckel wrote:
>I should have suggested that myself.  How does this blurb
>sound (particularly directed to anyone who has experienced
>this issue and Corinna)?
>
>"Please be aware that if you have created your /etc/passwd
>via mkpasswd -l then you may have a security hole.
>
>If your PC has "Guest" enabled in order to allow shares to
>certain directories on your W2K or NT box, your passwd file
>contains an entry for Guest that will allow anyone to ftp,
>telnet, etc. to your machine simply by using user guest and
>pressing enter for the password.  One solution is to
>eliminate the Guest account via Control Panel, the other is
>to delete the Guest entry in /etc/passwd.
>
>This problem is a weakness in Windows, not Cygwin."

That sounds perfect to me, but I'll let Corinna be the final
judge.

Thanks!

cgf

>On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote:
>
>>Perhaps you would like to contribute some wording for the inetd
>>documentation
>>which describes the problem.
>
>
>
>
>
>_______________________________________________________
>Say Bye to Slow Internet!
>http://www.home.com/xinbox/signup.html
>
>
>--
>Want to unsubscribe from this list?
>Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

-- 
cgf AT cygnus DOT com                        Cygnus Solutions, a Red Hat company
http://sourceware.cygnus.com/         http://www.redhat.com/

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com