WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)

To: Debian Users List <debian-user@lists.debian.org>
Subject: WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)
From: "Chad D. Zimmerman" <chad@dabcc-www.nmsu.edu>
Date: Mon, 10 Nov 1997 08:30:53 -0700 (MST)
Message-id: <Pine.LNX.3.95.971110082951.6954B-100000@dabcc-www.nmsu.edu>

Here is a script that I got from another list I am on.  May be of use to
some peple here.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Chad D. Zimmerman				    chad@dabcc-www.nmsu.edu
Southwest Technology Development Institute
New Mexico State University
---
HP: http://dabcc-www.nmsu.edu/~chad/
DBP: http://dabcc-www.nmsu.edu/~chad/Debian/
SWAO: http://desertwinds.multipleimage.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

---------- Forwarded message ----------
Date: Mon, 10 Nov 1997 11:41:17 +0000 (MYT)
To: linuxsa <linuxsa@linuxsa.org.au>
Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)

<SNIP>
There is no known fix to the F0 0F C7 C8 bug at this time.  What can be
done, however, is run a program, such as the script after my signature, to
locate any and all such programs.  This script can be used in single
user mode after a mysterious lockup on a multiuser Pentium system.

I hope it is possible to come up with a software fix for this problem.

- Sam

"You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_

#!/usr/bin/perl 

# There is no known software fix to the F0 0F C7 C8 bug at this time

# usage: finddeath dir

# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence

# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs

# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility 

sub findit {

  local($dir,$file,@files,$data) = @_;

  undef $/;

  if(!opendir(DIR,$dir)) {
    print STDERR "Can not open $dir: $!\n";
    return 0;
    }

  @files=readdir(DIR);

  foreach $file (@files) {
    if($file ne '.' && $file ne '..') {
      if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
        $data=<FILE>;
        if($data =~ /\xf0\x0f\xc7\xc8/) {
          print "$dir/$file contains F0 0F C7 C8\n";
          }
        } elsif( -d "$dir/$file") {
          &findit("$dir/$file");
        }
      }
    }

  }

$dir = shift || '/home';

&findit($dir);
    

-- 
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------



-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

____________________________________________________________________
--------------------------------------------------------------------
 Join The Web Consultants Association :  Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)
  - From: ychim@ForeverMail.com

Prev by Date: Re: Setting volume size for dump
Next by Date: Re: CD mount
Previous by thread: Update: mounting MS-DOS fs onto Linux
Next by thread: Re: WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)
Index(es):
- Date
- Thread