inetd security hole?

David A. Cobb superbiskit@home.com
Mon Aug 7 07:10:00 GMT 2000


Bob Heckel wrote:
> I just set up inetd-1.3.2-5p1 as a service on my W2K box. My
> thanks to the Cygwin team. Great job on this piece. There
> may, however, be a security hole for some people. I was
> able to FTP from a remote Unix box to my Cygwin W2K box
> simply by using user guest and password (enter). Had to
> delete the Guest entry from /etc/passwd to close the hole.
>
> I may not be configured properly and your system may be
> different but I wanted to make sure no one is accidentally
> exposed to trouble. I checked the mailing list search
> engine prior to posting this and didn't see any warnings regarding this
> issue.
>
> Bob Heckel
>
This sounds like part of the NT heritage. On an NT system the user
name "guest" (null password) is normally enabled - might even be
immutable. Guest, however, should have minimum or no access. 
Making that a true statement is an administrator's job. 
-- 
David A. Cobb, Software Engineer, Public Access Advocate
"Don't buy or use crappy software"
"By the grace of God I am a Christian man, 
 by my actions a great sinner" -- The Way of a Pilgrim [R. M.
French, tr.]
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com
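
A defender-side check for the exposure discussed in this thread, as an added example that is not part of either message or of Cygwin: it scans a passwd-format file for a guest entry like the one Bob removed and, going slightly beyond the thread, for any entry with an empty password field. The function names, finding labels and sample entries are constructed for illustration, and the standard seven-field passwd(5) layout is assumed; how a given ftpd treats an empty password field is not stated in the thread.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for guest / empty-password entries.
# Assumption: colon-separated passwd(5) layout,
#   name:password:uid:gid:gecos:home:shell

# audit_passwd FILE
# Prints one finding per line as "<reason> <account> line=<n>".
# Return status: 0 = no findings, 1 = findings, 2 = file unreadable.
audit_passwd() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F: '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        NF < 7 { printf "malformed %s line=%d\n", $1, NR; bad = 1; next }
        {
            # Windows account names are case-insensitive, so compare lowercased.
            if (tolower($1) == "guest") {
                printf "guest-account %s line=%d\n", $1, NR; bad = 1
            }
            # Empty second field: no password recorded for this entry.
            if ($2 == "") {
                printf "empty-password %s line=%d\n", $1, NR; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample: emits a constructed passwd file (not from any real system).
write_sample() {
    cat <<'EOF'
# constructed sample, not taken from any real system
Administrator:x:500:513:constructed:/home/Administrator:/bin/sh
Guest::501:513:constructed:/home/Guest:/bin/sh
bob:x:1000:513:constructed:/home/bob:/bin/sh
svc::1001:513:constructed:/home/svc:/bin/false
EOF
}

# Stand-alone run: audit the constructed sample and report the status.
sample=$(mktemp)
write_sample > "$sample"
audit_passwd "$sample" || echo "findings reported (status $?)"
rm -f "$sample"
```

To audit a live system, call `audit_passwd /etc/passwd` and review each finding before removing or locking the account.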

