This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

inetd security issues


In wanting to run the inetd ftp server on my cygwin/win2k box I have had 
the following exchange with my admin:

       me:
What have I got installed (I hear you thinking)? I have installed Cygwin 
(http://www.cygwin.com) and run the inetd application, having removed all 
entries but specific user accounts from /etc/passwd except the SYSTEM and 
ADMINISTRATORS.

admin:
Seeing as you're using inetd, I presume it leaves ports open for access? 
Which ports are open? This is more relevant that enabling or disabling user 
accounts, as most attacks involve vulnerabilities in software listening on 
a particular port. How open to buffer overruns is Cygwin? What I'm getting 
at is will a buffer overrun just crash the program/API/OS or will it allow 
code to be executed locally as SYSTEM or ADMINISTRATOR?

so, can anyone answer these questions from my admin?


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]