This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
Re: ftpd + Win98 = security hole
- To: Charles Wilson <cwilson at ece dot gatech dot edu>
- Subject: Re: ftpd + Win98 = security hole
- From: Corinna Vinschen <corinna at vinschen dot de>
- Date: Tue, 23 May 2000 20:40:33 +0200
- CC: tomcw at localnet dot com, cygwin <cygwin at sourceware dot cygnus dot com>
- References: <392A804A.30280.111411@localhost> <392ABBBA.FE59EAFE@ece.gatech.edu>
- Reply-To: cygwin <cygwin at sourceware dot cygnus dot com>
Charles Wilson wrote:
> --prefix=/usr --sysconfdir=/etc and then things should work like you
> expect: /etc/inetd.conf, /etc/ftpusers,
> [...]
> This is all complicated by Corinna's nifty addition to inetd.exe : it
> stores the expected location of inetd.conf in the registry. So, that's
> why /etc/inetd.conf works, but /etc/ftpusers doesn't. I guess that
> Corinna built inetutils with no 'prefix', so the default location for
> configuration files in her binary package is /usr/local/etc. BUT, that's
> overridden, in the case of inetd.conf ONLY, by the registry setting.
>
> Does that analysis sound correct to you, Corinna?
Not completely, Charles,
the inetutils package on sourceware is configured with
--prefix=/usr --libexecdir='${exec_prefix}/sbin'
--sysconfdir=/etc
and...
> P.S. It would be nice if all, or as many as possible, of the binary
> packages in latest contained the config.status output somehow. That way,
> we wouldn't have to guess the 'correct' options to rebuild the packages.
...that's a good hint and...
> Tom Weichmann wrote:
> > All of my mounts are binary mounts, so that should not be the
> > problem. For some reason /etc/ftpusers will not prevent the login.
..that _is_ a problem if your files have DOS line endings on
binary mounted disks and...
> > I moved ftpusers to /usr/local/etc/ftpusers, and this did the trick.
...you can't be using the inetutils-1.3.2-2 package from
sourceware because it's definitely compiled with --sysconfdir=/etc.
I have just checked that. The first package (inetutils-1.3.2) was
already configured that way. Are you sure that you don't have
a previous package (eg. Charles one) still installed and are you
sure using the right inetd.conf?
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com