Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Date: Tue, 10 Jul 2001 18:07:15 +0200 From: Corinna Vinschen To: cygwin Subject: Re: inetd security issues Message-ID: <20010710180715.U8578@cygbert.vinschen.de> Mail-Followup-To: cygwin References: <5 DOT 0 DOT 2 DOT 1 DOT 0 DOT 20010710214050 DOT 00ad6308 AT mail DOT sprintsoft DOT com> <20010710172216 DOT S8578 AT cygbert DOT vinschen DOT de> <13097881035 DOT 20010710192940 AT logos-m DOT ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <13097881035.20010710192940@logos-m.ru>; from deo@logos-m.ru on Tue, Jul 10, 2001 at 07:29:40PM +0400 On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote: > Hi! > > Tuesday, 10 July, 2001 Corinna Vinschen cygwin AT cygwin DOT com wrote: > > CV> Using Cygwin is not secure at all. If you or your admin has > CV> honest security concerns don't open up the system by providing > CV> services via inetd > > actually, i'm not aware of any _remotely_ exploitable holes in cygwin > inetutils. do anybody? One wide open security hole is already the usage of rlogin and telnet as administrator due to the transmission of unencrypted passwords. That's not exactly what you're talking of but it's the most obvious and the most ignored fact. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/