Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Tue, 10 Jul 2001 09:29:47 -0700
From: tplesco <tod AT megachump DOT com>
To: cygwin <cygwin AT cygwin DOT com>
Subject: Re: inetd security issues
Message-ID: <20010710092947.A1008@megachump.com>
References: <5 DOT 0 DOT 2 DOT 1 DOT 0 DOT 20010710214050 DOT 00ad6308 AT mail DOT sprintsoft DOT com> <20010710172216 DOT S8578 AT cygbert DOT vinschen DOT de> <13097881035 DOT 20010710192940 AT logos-m DOT ru> <20010710180715 DOT U8578 AT cygbert DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010710180715.U8578@cygbert.vinschen.de>; from cygwin@cygwin.com on Tue, Jul 10, 2001 at 06:07:15PM +0200
Organization: MC Studios

What are some measures we can use to avoid someone hacking the
administrator login? Change the administrator account to something
obscure? Is there logging for rlogin and telnet sessions?

-Todd

On Tue, Jul 10, 2001 at 06:07:15PM +0200, Corinna Vinschen wrote:
> On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> > Hi!
> > 
> > Tuesday, 10 July, 2001 Corinna Vinschen cygwin AT cygwin DOT com wrote:
> > 
> > CV> Using Cygwin is not secure at all. If you or your admin has
> > CV> honest security concerns don't open up the system by providing
> > CV> services via inetd
> > 
> > actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> > inetutils. do anybody?
> 
> One wide open security hole is already the usage of rlogin and telnet
> as administrator due to the transmission of unencrypted passwords.
> That's not exactly what you're talking of but it's the most obvious
> and the most ignored fact.
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                                mailto:cygwin AT cygwin DOT com
> Red Hat, Inc.
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/