This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: ftpd + Win98 = security hole

To: cygwin <cygwin at sourceware dot cygnus dot com>
Subject: Re: ftpd + Win98 = security hole
From: Charles Wilson <cwilson at ece dot gatech dot edu>
Date: Tue, 23 May 2000 14:55:34 -0400
CC: tomcw at localnet dot com
References: <392A804A.30280.111411@localhost> <392ABBBA.FE59EAFE@ece.gatech.edu> <392AD0A1.C72D5D4C@vinschen.de>

Corinna Vinschen wrote:
> 
> Charles Wilson wrote:
> > --prefix=/usr --sysconfdir=/etc and then things should work like you
> > expect: /etc/inetd.conf, /etc/ftpusers,
> > [...]
> > This is all complicated by Corinna's nifty addition to inetd.exe : it
> > stores the expected location of inetd.conf in the registry. So, that's
> > why /etc/inetd.conf works, but /etc/ftpusers doesn't. I guess that
> > Corinna built inetutils with no 'prefix', so the default location for
> > configuration files in her binary package is /usr/local/etc. BUT, that's
> > overridden, in the case of inetd.conf ONLY, by the registry setting.
> >
> > Does that analysis sound correct to you, Corinna?
> 
> Not completely, Charles,
> 

Awww, you're being polite. What you meant to say was, "No, you're
totally wrong." <G> Given your explanation below, I think Tom MUST be
using my inetutils package. Tom, perhaps you have both packages
installed but /usr/local/bin;/usr/local/sbin precede /usr/bin;/usr/sbin
in the path?

--Chuck


> the inetutils package on sourceware is configured with
> 
>         --prefix=/usr --libexecdir='${exec_prefix}/sbin'
>         --sysconfdir=/etc
> 
> and...
> 
> > P.S. It would be nice if all, or as many as possible, of the binary
> > packages in latest contained the config.status output somehow. That way,
> > we wouldn't have to guess the 'correct' options to rebuild the packages.
> 
> ...that's a good hint and...
> 
> > Tom Weichmann wrote:
> > > All of my mounts are binary mounts, so that should not be the
> > > problem.  For some reason /etc/ftpusers will not prevent the login.
> 
> ..that _is_ a problem if your files have DOS line endings on
> binary mounted disks and...
> 
> > > I moved ftpusers to /usr/local/etc/ftpusers, and this did the trick.
> 
> ...you can't be using the inetutils-1.3.2-2 package from
> sourceware because it's definitely compiled with --sysconfdir=/etc.
> I have just checked that. The first package (inetutils-1.3.2) was
> already configured that way. Are you sure that you don't have
> a previous package (eg. Charles one) still installed and are you
> sure using the right inetd.conf?
> 
> Corinna
> 
> --
> Corinna Vinschen
> Cygwin Developer
> Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Follow-Ups:
- Re: ftpd + Win98 = security hole
  - From: Corinna Vinschen

References:
- Re: ftpd + Win98 = security hole
  - From: Tom Weichmann
- Re: ftpd + Win98 = security hole
  - From: Charles Wilson
- Re: ftpd + Win98 = security hole
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]