Date: Thu, 27 Apr 2006 00:05:38 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [UnixOS2_Archive] No. 687 ************************************************** Wednesday 26 April 2006 Number 687 ************************************************** Subjects for today 1 Unix port of Scandisk? : John Poltorak 2 Re: Unix port of Scandisk? : Neil Waldhauer" 3 Re: Unix port of Scandisk? : Patrick Ash " 4 Re: Unix port of Scandisk? : John Poltorak 5 Re: Unix port of Scandisk? : John Poltorak 6 Re: Unix port of Scandisk? : Patrick Ash " 7 Re: Unix port of Scandisk? : John Poltorak 8 Re: Unix port of Scandisk? : Mikkel C. Simonsen" 9 Re: Sendmail : Brendan Oakley" 10 Re: Sendmail : John Poltorak 11 Re: Sendmail : Lyn St George" 12 Re: Sendmail : John Poltorak 14 Newbie Question? : Gene Poole 1 Newbie Question? : Gene Poole **= Email 1 ==========================** Date: Tue, 25 Apr 2006 15:02:22 +0100 From: John Poltorak Subject: Unix port of Scandisk? Does anyone know if there is such a thing as a Unix port of SCANDISK? If so maybe it could be ported to OS/2. I have screwed up a FAT32 partition and am unable to boot Windows on it to fix it. Any suggestions on what options are available for recovering this partition? Before anyone suggests DFSee, I've tried it but there are so many options that I can't figure out how to go about it. -- John **= Email 2 ==========================** Date: Tue, 25 Apr 2006 07:32:28 -0700 From: "Neil Waldhauer" Subject: Re: Unix port of Scandisk? On Tue, 25 Apr 2006 15:02:22 +0100, John Poltorak wrote: > Before anyone suggests DFSee, I've tried it but there are so > many options that I can't figure out how to go about it. I wish you could attend the BayWarp meeting tonight, when I present the first of two sessions on using DFSee. I think the product has gotten a bit easier to use in the 7.xx and 8.xx versions. I now just use the VIO menuing system. 1. Start DFSOS2.EXE 2. Use the file menu to select the FAT32 partition 3. use the actions menu to Scan the partition 4. use the file menu to exit I hope this helps, but good luck finding a scandisk port in any case. Neil -- Neil Waldhauer, neil at blondeguy.com Vacuuming is more fun when the hamsters are loose. **= Email 3 ==========================** Date: Tue, 25 Apr 2006 10:55:00 +0000 From: "Patrick Ash " Subject: Re: Unix port of Scandisk? go here to get an image of the Win98 Se boot disk. You can run scandisk from the bootable disk. http://1gighost.net/keywest/win98sc.zip On Tue, 25 Apr 2006 15:02:22 +0100, John Poltorak wrote: > > >Does anyone know if there is such a thing as a Unix port of SCANDISK? > >If so maybe it could be ported to OS/2. > >I have screwed up a FAT32 partition and am unable to boot Windows on it to >fix it. > >Any suggestions on what options are available for recovering this >partition? Before anyone suggests DFSee, I've tried it but there are so >many options that I can't figure out how to go about it. **= Email 4 ==========================** Date: Tue, 25 Apr 2006 16:12:00 +0100 From: John Poltorak Subject: Re: Unix port of Scandisk? On Tue, Apr 25, 2006 at 07:32:28AM -0700, Neil Waldhauer wrote: > On Tue, 25 Apr 2006 15:02:22 +0100, John Poltorak wrote: > > > Before anyone suggests DFSee, I've tried it but there are so > > many options that I can't figure out how to go about it. > > I wish you could attend the BayWarp meeting tonight, I really wish I could make it, but it's 6,000 miles away... I don't think I'll ever be able to use DFSee until I see it demonstrated. > when I present the first > of two sessions on using DFSee. I think the product has gotten a bit easier to > use in the 7.xx and 8.xx versions. I've struggled to understand DFSee for years, but you have to be a disk doctor to be able to use it. It really needs to have a basic and advanced mode otherwise people like me get lost with too many options. > I now just use the VIO menuing system. > > 1. Start DFSOS2.EXE > 2. Use the file menu to select the FAT32 partition > 3. use the actions menu to Scan the partition > 4. use the file menu to exit The problem is that I come across messages like this and don't really know what to do. Just reading the documentation doesn't really help if you don't know what all the buzzwords mean. Warning: The first and second FAT areas are NOT identical! This could be the result of a crash, virus, or a damaged disk. You could use the operating systems CHKDSK or DFSee FATSIM and FATWRIM commands to correct this (see documentation DFSFAT.TXT). I could do with some explanation of what FATSIM and FATWRIM actually do and how much damage I can do inadvertantly if I use them incorrectly. > I hope this helps, but good luck finding a scandisk port in any case. > > Neil > -- > Neil Waldhauer, neil at blondeguy.com > > Vacuuming is more fun when the hamsters are loose. -- John **= Email 5 ==========================** Date: Tue, 25 Apr 2006 16:15:50 +0100 From: John Poltorak Subject: Re: Unix port of Scandisk? On Tue, Apr 25, 2006 at 10:55:00AM +0000, Patrick Ash wrote: > go here to get an image of the Win98 Se boot disk. You can run > scandisk from the bootable disk. > > http://1gighost.net/keywest/win98sc.zip Would this work with Windows Millenium Edition? I noticed when trying to boot ME that it does not have a command prompt option when doing a maintenance boot via F7 (or F8). So how are you supposed to get to a command prompt? -- John **= Email 6 ==========================** Date: Tue, 25 Apr 2006 12:42:29 +0000 From: "Patrick Ash " Subject: Re: Unix port of Scandisk? I don't really have any experience with ME, but I don't remember any changes to fat32 between Win98 and ME. I suppose you could use the Win98 disk to boot up and run scandisk in the analyze mode without making any changes to see if it recognizes the ME version of the file system. Good luck. Pat On Tue, 25 Apr 2006 16:15:50 +0100, John Poltorak wrote: >On Tue, Apr 25, 2006 at 10:55:00AM +0000, Patrick Ash wrote: >> go here to get an image of the Win98 Se boot disk. You can run >> scandisk from the bootable disk. >> >> http://1gighost.net/keywest/win98sc.zip > >Would this work with Windows Millenium Edition? > >I noticed when trying to boot ME that it does not have a command prompt >option when doing a maintenance boot via F7 (or F8). So how are you >supposed to get to a command prompt? **= Email 7 ==========================** Date: Tue, 25 Apr 2006 17:58:07 +0100 From: John Poltorak Subject: Re: Unix port of Scandisk? On Tue, Apr 25, 2006 at 12:42:29PM +0000, Patrick Ash wrote: > I don't really have any experience with ME, but I don't remember any > changes to fat32 between Win98 and ME. I suppose you could use the > Win98 disk to boot up and run scandisk in the analyze mode without > making any changes to see if it recognizes the ME version of the file > system. Good luck. Is there an alternative to the FIRM.COM for writing the image to floppy? It doesn't work here. Maybe the DD utility would work... > Pat > > > On Tue, 25 Apr 2006 16:15:50 +0100, John Poltorak wrote: > > >On Tue, Apr 25, 2006 at 10:55:00AM +0000, Patrick Ash wrote: > >> go here to get an image of the Win98 Se boot disk. You can run > >> scandisk from the bootable disk. > >> > >> http://1gighost.net/keywest/win98sc.zip > > > >Would this work with Windows Millenium Edition? > > > >I noticed when trying to boot ME that it does not have a command prompt > >option when doing a maintenance boot via F7 (or F8). So how are you > >supposed to get to a command prompt? > > > -- John **= Email 8 ==========================** Date: Tue, 25 Apr 2006 19:34:25 +0200 From: "Mikkel C. Simonsen" Subject: Re: Unix port of Scandisk? John Poltorak wrote: > Is there an alternative to the FIRM.COM for writing the image to floppy? > > It doesn't work here. Maybe the DD utility would work... You can download "raw" diskimages somewhere, and just use loaddskf or image to write the disks. Best regards, Mikkel C. Simonsen **= Email 9 ==========================** Date: Tue, 25 Apr 2006 11:33:36 -0700 From: "Brendan Oakley" Subject: Re: Sendmail ------=_Part_18039_27619904.1145990016314 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi John. On 4/25/06, John Poltorak wrote: > > On Mon, Apr 24, 2006 at 01:38:36PM -0700, Brendan Oakley wrote: > > Which security holes? Excerpted from Sendmail release notes since 8.12.3, just the "critical" security fixes: 8.12.8/8.12.8 2003/02/11 SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. 8.12.10/8.12.10 2003/09/24 (Release: 2003/09/17) SECURITY: Fix a buffer overflow in address parsing. Problem detected by Michal Zalewski, patch from Todd C. Miller of Courtesan Consulting. 8.13.6/8.13.6 2006/03/22 SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server and client side of sendmail with timeouts in the libsm I/O layer and fix problems in that code. Also fix handling of a buffer in sm_syslog() which could have been used as an attack vector to exploit the unsafe handling of setjmp(3)/longjmp(3) in combination with signals. Problem detected by Mark Dowd of ISS X-Force. > I'm using IBM's last Sendmail for OS/2 as my mail server and have been > doing so for around six years. What problems are you having? I'm not having any problems. IBM Sendmail simply is not applicable to my work, where we use the latest Sendmail. > I would be interested in being able to use real sendmail, but building it > is rather tricky. > > Incidentally there is a new generation of sendmail in development - > SendmailX. If anyone is interested in building sendmail on OS/2, it may b= e > an idea to get involved with that on the ground floor and ensure it build= s > on OS/2 from day one rather than trying to retrofit OS/2 several years > later after much hacking. I rather wish we used Sendmail X, or anything other than Sendmail. :P > The idea of being able to unpack the original sendmail source and run > 'build' and have a good chance of creating an OS/2 executable is very > appealing to me. It would be nice to see that happen. Sendmail seems to be pretty portable, but abominably complex. I'll let you know how it goes, when I get to it. Soon. > -- > John Brendan ------=_Part_18039_27619904.1145990016314 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi John.

On 4/25/06, John Poltorak <jp at w= arpix.org> wrote:
On Mon, Apr 24, 2006 at 01:38:36PM -0700, Brendan Oakley wrote:

Whic= h security holes?

Excerpted from Sendmail release notes since 8.12.3, just the "critical= " security fixes:

8.12.8/8.12.8    2003/02/11
    SECURITY: Fix a remote buffer overflow in header parsing= by
        dropping sender and recipient header = comments if the
        comments are too long.  Problem = noted by Mark Dowd
        of ISS X-Force.

8.12.9/8.12.9    2003/03/29
    SECURITY: Fix a buffer overflow in address parsing due t= o
        a char to int conversion problem whic= h is potentially
        remotely exploitable.  Problem f= ound by Michal Zalewski.
          Note: an MTA that is not patch= ed might be vulnerable to
        data that it receives from untrusted = sources, which
        includes DNS.

8.12.10/8.12.10    2003/09/24 (Release: 2003/09/17)
    SECURITY: Fix a buffer overflow in address parsing. = ; Problem
        detected by Michal Zalewski, patch fr= om Todd C. Miller
        of Courtesan Consulting.
  
8.13.6/8.13.6    2006/03/22
    SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in = the server
        and client side of sendmail with time= outs in the libsm I/O
        layer and fix problems in that code.&= nbsp; Also fix handling of
        a buffer in sm_syslog() which could h= ave been used as an
        attack vector to exploit the unsafe h= andling of
        setjmp(3)/longjmp(3) in combination w= ith signals.
        Problem detected by Mark Dowd of ISS = X-Force.

 
I'm using I= BM's last Sendmail for OS/2 as my mail server and have been
doing so for= around six years. What problems are you having?

I'm not having any problems. IBM Sendmail simply is not applicable to my wo= rk, where we use the latest Sendmail.
 
I would be = interested in being able to use real sendmail, but building it
is rather= tricky.

Incidentally there is a new generation of sendmail in development -=
SendmailX. If anyone is interested in building sendmail on OS/2, it may= be
an idea to get involved with that on the ground floor and ensure it = builds
on OS/2 from day one rather than trying to retrofit OS/2 several years<= br>later after much hacking.

I rather wish we used Sendmail X, or anything other than Sendmail. :P
 
The idea of= being able to unpack the original sendmail source and run
'build' and h= ave a good chance of creating an OS/2 executable is very
appealing to me. It would be nice to see that happen.
=
Sendmail seems to be pretty portable, but abominably complex. I'll let you = know how it goes, when I get to it. Soon.
 
--
John<= /blockquote>


Brendan


------=_Part_18039_27619904.1145990016314-- **= Email 10 ==========================** Date: Wed, 26 Apr 2006 09:38:52 +0100 From: John Poltorak Subject: Re: Sendmail On Tue, Apr 25, 2006 at 11:33:36AM -0700, Brendan Oakley wrote: > Hi John. > > > I would be interested in being able to use real sendmail, but building it > > is rather tricky. > > > > Incidentally there is a new generation of sendmail in development - > > SendmailX. If anyone is interested in building sendmail on OS/2, it may be > > an idea to get involved with that on the ground floor and ensure it builds > > on OS/2 from day one rather than trying to retrofit OS/2 several years > > later after much hacking. > > > I rather wish we used Sendmail X, or anything other than Sendmail. :P > > > > The idea of being able to unpack the original sendmail source and run > > 'build' and have a good chance of creating an OS/2 executable is very > > appealing to me. It would be nice to see that happen. > > > Sendmail seems to be pretty portable, but abominably complex. I'll let you > know how it goes, when I get to it. Soon. I would love to be able to have a real version of Sendmail available to me, but the last time I tried getting it built I couldn't get it to work with Majordomo which I use for managing this list, so I gave up and went back to IBM's version. One thing which I would dearly like to have is a front end for configuring it though. Maybe Webmin would provide that but I can't get that working properly and it is unlikely that it could be used with IBM's Sendmail anyway. Maybe trying to get Sendmail X built on OS/2 is the best way to go at the moment. > Brendan -- John **= Email 11 ==========================** Date: Wed, 26 Apr 2006 10:29:50 +0100 (BST) From: "Lyn St George" Subject: Re: Sendmail On Wed, 26 Apr 2006 09:38:52 +0100, John Poltorak wrote: > >I would love to be able to have a real version of Sendmail available to >me, but the last time I tried getting it built I couldn't get it to work >with Majordomo which I use for managing this list, so I gave up and went >back to IBM's version. > >One thing which I would dearly like to have is a front end for configuring >it though. Maybe Webmin would provide that but I can't get that working >properly and it is unlikely that it could be used with IBM's Sendmail >anyway. Webmin has modules for configuring Sendmail and Postfix, and while I still haven't had the time to fix my system so as to get the latest Webmin going, I do still intend to ... >Maybe trying to get Sendmail X built on OS/2 is the best way to go at the >moment. What about Peter Moylan's Weasel? I use it on this WSeB machine as backup mail server (the main one being Postfix on a Linux machine). If you're looking for something solid to use, rather than a porting exercise, then Weasel seems to me to be an excellent choice. And classic Sendmail will never be secure - by the time they've rebuilt Sendmail to be secure (which maybe Sendmail X might be) then you have ended up with Postfix. So it's better to go straight to Postfix. - Lyn **= Email 12 ==========================** Date: Wed, 26 Apr 2006 10:48:26 +0100 From: John Poltorak Subject: Re: Sendmail On Wed, Apr 26, 2006 at 10:29:50AM +0100, Lyn St George wrote: > On Wed, 26 Apr 2006 09:38:52 +0100, John Poltorak wrote: > > > > >I would love to be able to have a real version of Sendmail available to > >me, but the last time I tried getting it built I couldn't get it to work > >with Majordomo which I use for managing this list, so I gave up and went > >back to IBM's version. > > > >One thing which I would dearly like to have is a front end for configuring > >it though. Maybe Webmin would provide that but I can't get that working > >properly and it is unlikely that it could be used with IBM's Sendmail > >anyway. > > Webmin has modules for configuring Sendmail and Postfix, and while > I still haven't had the time to fix my system so as to get the latest Webmin > going, I do still intend to ... Well let me know when you do. It's frustrating since I did have Webmin working at one time, at least partially but could never use it for configuring anything. > >Maybe trying to get Sendmail X built on OS/2 is the best way to go at the > >moment. > > What about Peter Moylan's Weasel? I use it on this WSeB machine as > backup mail server (the main one being Postfix on a Linux machine). If > you're looking for something solid to use, rather than a porting exercise, > then Weasel seems to me to be an excellent choice. And classic Sendmail > will never be secure - by the time they've rebuilt Sendmail to be secure (which > maybe Sendmail X might be) then you have ended up with Postfix. So it's > better to go straight to Postfix. I intend to keep using Sendmail - I use Majordomo with it. I'd just like a version of Sendmail which is consistant with the big Sendmail book I have. One thing I like about Sendmail is it's ability to do some mail processing during the mail transaction itself. I don't know of any other mailer which can do this, and would live to have this feature available on OS/2. > - > Lyn > -- John **= Email 14 ==========================** Date: Wed, 26 Apr 2006 09:05:02 -0400 From: Gene Poole Subject: Newbie Question? I'm not sure if this is the proper place to ask, but here goes: I've searched, but could not find, some documentation on the correct drive, and directory layout for the unix-os/2 environment. Does anyone know where I can find such a document? Also, where can I find the instructions on installing, configuring, and using XFree86-OS/2 v4.5.0 (is that the latest)? Thanks, Gene Poole gene.poole at fds.com **= Email 1 ==========================** Date: Wed, 26 Apr 2006 09:05:02 -0400 From: Gene Poole Subject: Newbie Question? I'm not sure if this is the proper place to ask, but here goes: I've searched, but could not find, some documentation on the correct drive, and directory layout for the unix-os/2 environment. Does anyone know where I can find such a document? Also, where can I find the instructions on installing, configuring, and using XFree86-OS/2 v4.5.0 (is that the latest)? Thanks, Gene Poole gene.poole at fds.com