inetd security hole?

[Corinna Vinschen]

Bob Heckel wrote:
> 
> I should have suggested that myself.  How does this blurb
> sound (particularly directed to anyone who has experienced
> this issue and Corinna)?
> 
> "Please be aware that if you have created your /etc/passwd
> via mkpasswd -l then you may have a security hole.
> 
> If your PC has "Guest" enabled in order to allow shares to
> certain directories on your W2K or NT box, your passwd file
> contains an entry for Guest that will allow anyone to ftp,
> telnet, etc. to your machine simply by using user guest and
> pressing enter for the password.  One solution is to
> eliminate the Guest account via Control Panel, the other is
> to delete the Guest entry in /etc/passwd.
> 
> This problem is a weakness in Windows, not Cygwin."

Thanks, I have checked that into the README with slight changes
to mention anonymous ftp in that context.

However, I will upload another version of inetutils this week since
I found a problem with anonymous ftp.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com