This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: inetd security hole?


I should have suggested that myself.  How does this blurb
sound (particularly directed to anyone who has experienced
this issue and Corinna)?

"Please be aware that if you have created your /etc/passwd
via mkpasswd -l then you may have a security hole.

If your PC has "Guest" enabled in order to allow shares to
certain directories on your W2K or NT box, your passwd file
contains an entry for Guest that will allow anyone to ftp,
telnet, etc. to your machine simply by using user guest and
pressing enter for the password.  One solution is to
eliminate the Guest account via Control Panel, the other is
to delete the Guest entry in /etc/passwd.

This problem is a weakness in Windows, not Cygwin."

Bob Heckel


On Tue, Aug 08, 2000 at 12:36:02 -0400, Chris Faylor wrote:

>Perhaps you would like to contribute some wording for the inetd
>documentation
>which describes the problem.





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]