Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <30307088.965865271893.JavaMail.imail@neon.excite.com> Date: Wed, 9 Aug 2000 16:54:30 -0700 (PDT) From: Bob Heckel Reply-To: To: cygwin AT sources DOT redhat DOT com Subject: RE: inetd security hole? Cc: robert DOT collins AT itdomain DOT com DOT au Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Excite Inbox X-Sender-Ip: 165.247.160.21 Hi Corinna, Yesterday night (Tues, Aug 8, 2000) Robert Collins improved my original version. You might want to consider merging this version during your next update. Thanks. "Please be aware that if you have created your /etc/passwd via mkpasswd -l then you may have a security hole. If your PC has 'Guest' enabled in order to allow shares to certain directories on your W2K or NT box, your passwd file contains an entry for Guest that will allow anyone to ftp, telnet, etc. to your machine simply by using user guest and pressing enter for the password. One solution is to disable the Guest account via User Manager (NT) or Control Panel - Users and passwords (W2K), the other is to delete the Guest entry in /etc/passwd. This problem is a weakness in Windows, not Cygwin." Bob Heckel > Thanks, I have checked that into the README with slight > changes to mention anonymous ftp in that context. > > However, I will upload another version of inetutils > this week since > I found a problem with anonymous ftp. > > Corinna _______________________________________________________ Say Bye to Slow Internet! http://www.home.com/xinbox/signup.html -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com