This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
inetd security hole?
- To: cygwin at sourceware dot cygnus dot com
- Subject: inetd security hole?
- From: Bob Heckel <BHeckel at excite dot com>
- Date: Fri, 4 Aug 2000 14:04:19 -0700 (PDT)
- Reply-To: <bheckel at excite dot com>
I just set up inetd-1.3.2-5p1 as a service on my W2K box. My
thanks to the Cygwin team. Great job on this piece. There
may, however, be a security hole for some people. I was
able to FTP from a remote Unix box to my Cygwin W2K box
simply by using user guest and password (enter). Had to
delete the Guest entry from /etc/passwd to close the hole.
I may not be configured properly and your system may be
different but I wanted to make sure no one is accidently
exposed to trouble. I checked the mailing list search
engine prior to posting this and didn't see any warnings regarding this
issue.
Bob Heckel
_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com