At 8:32 PM +0200 7/18/02, Valor Rom� wrote: > Dear Qpopper fans: > > My question is relative to the particular and curios feature > 'PopSend' of Eudora and Qpopper. I use this feature to send from my > mobile computer, and works really fine. > > However, PopSend is completely undocumented in the Qpopper guide, > or the FAQs, and even if you make a search on Google about it you > find no descriptive matches.
Try looking for "XTND XMIT", which the name of this extension. > > What I want to know is: > > 1) Has anyone with a good knowledge of security (not as mine :-) > thought about that popsend feature could be used for malicious > people to execute some code in the system. Is it possible to send a > buffer overflow to Qpopper, when invoking sendmail, that can > compromise security? > > 2) What does exactly invoke Qpopper? Makes a temporary file with > the message, pipes to sendmail... ??�?�? It makes a temporary file, and invokes a program which can be selected by the administrator. It defaults to sendmail. > > 3) How can popsend feature on qpopper, if wanted, be COMPLETELY > disabled? Need to recompile qpopper? What lines or modules should > be commented out or deleted? Select a null path to the executable.
