This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: inetd security issues


On Tue, Jul 10, 2001 at 07:29:40PM +0400, egor duda wrote:
> Hi!
> 
> Tuesday, 10 July, 2001 Corinna Vinschen cygwin@cygwin.com wrote:
> 
> CV> Using Cygwin is not secure at all. If you or your admin has
> CV> honest security concerns don't open up the system by providing
> CV> services via inetd
> 
> actually, i'm not aware of any _remotely_ exploitable holes in cygwin
> inetutils. do anybody?

One wide open security hole is already the usage of rlogin and telnet
as administrator due to the transmission of unencrypted passwords.
That's not exactly what you're talking of but it's the most obvious
and the most ignored fact.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]