Bugtraq mailing list archives
Re: serious Qpopper 3.0 vulnerability
From: mak () KHA0S ORG (M. Adam Kendall)
Date: Wed, 1 Dec 1999 13:12:39 -0500
On 30-Nov-1999 Josh Higham wrote:
PS: The installation file suggests to run qpopper without tcpd, e.g.: pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s I would NOT suggest doing it that way. Use:Does anyone know why qpopper suggests running without wrappers?
It doesn't suggest running it without wrappers.. it just doesn't suggest that you DO. Like most documentation, it doesn't assume you are running anything but their software, and therefore doesn't specifically mention the use of wrappers. How are they supposed to know that YOU (specifically) happen to have something else installed? Hell, even those vendors that DO know you have wrappers installed don't mention anything about it. Those are the folks that you should be 'scolding'. Just as a case in point, from a stock RH6.1 box: #linuxconf stream tcp wait root /bin/linuxconf linuxconf --http *sigh* -- M. Adam Kendall | mak () kha0s org | "There's never enough time to do http://kha0s.org | all the nothing you want." | --Bill Watterson (Calvin and Hobbes)
Current thread:
- Re: serious Qpopper 3.0 vulnerability Josh Higham (Nov 30)
- Re: serious Qpopper 3.0 vulnerability M. Adam Kendall (Dec 01)
- <Possible follow-ups>
- Re: serious Qpopper 3.0 vulnerability Dan Groscost (Nov 30)
- Re: serious Qpopper 3.0 vulnerability Elgin Lee (Nov 30)
- Re: serious Qpopper 3.0 vulnerability Qpopper Support (Nov 30)