This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

security with the ftp daemon


Hi there,

I've set up the ftp server with inetutils on win2k, but I get a strange
security hole.

I've set permissions so that only "Administrators" can access the cygwin
directories.  The home directories are only accessible by their respective
users and /bin is Everyone and read-only.

However, after setting this up and rebooting the machine once, if I ftp in
as a regular user I can access all the administrator priviledge directories
(in read/write mode!) with no problem at all.  Is this a known problem and
is there a way to get it to work securely?  Surely the ftp daemon should
switch its user to the id of the person logging in?

Regards

---------------------------------
Q-Games, Dylan Cuthbert.
http://www.q-games.com


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]