Date: Sat, 15 Aug 1998 03:32:45 +0800
From: Peter Wemm <peter@netplex.com.au>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
Cc: Toby Swanson <toby@milkyway.org>, Dag-Erling Coidan Smørgrav <dag-erli@ifi.uio.no>, freebsd-net@FreeBSD.ORG
Subject: Re: Mail server...
Message-ID: <199808141932.DAA22339@spinner.netplex.com.au>
In-Reply-To: Your message of "Thu, 13 Aug 1998 12:13:44 +0200." <19980813121344.16224@deepo.prosa.dk>

Philippe Regnauld wrote:
> Toby Swanson writes:
> >
> > On 06Aug98 Dag-Erling Coidan Smørgrav wrote:
> >
> > > Don't *whack* use *whack* qpopper *whack* *whack*
> >
> > Are there any particular reasons to not use qpopper?
>
> "How do you want to be cracked today ?"
>
> Qpopper had its moment of (non)glory last month, when a buffer
> overflow was discovered in versions 2.4x -- it was fixed in 2.5 and up.
>
> The overflow gave you instant root access from anywhere.

And there are still *many* problems remaining. It's a very shoddy program
IMHO, and the "fixes" are merely bandaids while the real problems remain.
Its string handling and termination really sucks. If *just one* spot was
missed, the holes are still there to exploit all over again.

> Cucipop may be a bit better, but why *whack* do you even *whack*
> ASK *whack* *whack* ! :-)

The cucipop code style scares the hell out of me, but it's bloody fast and
dots all the i's and crosses all the t's etc - I'd be rather surprised if
major holes were found. It has a few bugs that are a bitch to track down
(see previous gripe about code style), but nothing serious. It's mainly a
cosmetic glitch where it announces the per-message size a few bytes too
large and fetchmail complains about that. It doesn't know about expired
passwords either.

It's got some really devious features too.. :-) You can sabotage the UIDL
command to strongly "encourage" your users to NOT keep mail on the server
forever, and do all sorts of things like auto-delete old (read) messages
etc. (The UIDL sabotage means that if they select "leave on server",
they'll get another "new" copy of each message each time they connect.)

> --
> -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
>
> The Internet is busy. Please try again later.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

Cheers,
-Peter
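
An added illustration of the string-termination concern raised in the message above (not qpopper or cucipop code, and not written by either poster): a POP3 command-line parser in C that rejects over-long fields instead of truncating them and NUL-terminates on every path. The names `pop_cmd`, `copy_field` and `pop_parse_line` are hypothetical, the length limits are those of RFC 1939, and treating the rest of the line as a single argument is an assumption.

```c
#include <ctype.h>
#include <string.h>

#define POP_KEYWORD_MAX 4   /* RFC 1939: keywords are 3 or 4 characters */
#define POP_ARG_MAX     40  /* RFC 1939: an argument is at most 40 characters */

struct pop_cmd {            /* hypothetical type for this example */
    char keyword[POP_KEYWORD_MAX + 1];
    char arg[POP_ARG_MAX + 1];
};

/* Copy src[0..n) into dst (capacity cap). Fails instead of truncating and
 * leaves dst NUL-terminated on every path. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n)
{
    dst[0] = '\0';
    if (n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse one received line of len bytes; the buffer is NOT assumed to be
 * NUL-terminated. Returns 0 on success, -1 if the line must be rejected. */
int pop_parse_line(const char *line, size_t len, struct pop_cmd *out)
{
    size_t i, k, a;

    memset(out, 0, sizeof *out);
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* strip CRLF */
    for (i = 0; i < len; i++)                   /* no NUL or control bytes */
        if (!isprint((unsigned char)line[i]))
            return -1;
    for (k = 0; k < len && line[k] != ' '; k++) /* find end of keyword */
        ;
    if (k < 3 || copy_field(out->keyword, sizeof out->keyword, line, k) != 0)
        return -1;
    for (i = 0; i < k; i++)
        out->keyword[i] = (char)toupper((unsigned char)out->keyword[i]);
    for (a = k; a < len && line[a] == ' '; a++) /* skip separator */
        ;
    return copy_field(out->arg, sizeof out->arg, line + a, len - a);
}
```

Every copy goes through one helper that checks the length before writing, so there is a single place to audit rather than one check per call site.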