WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)
Here is a script that I got from another list I am on. May be of use to
some peple here.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Chad D. Zimmerman chad@dabcc-www.nmsu.edu
Southwest Technology Development Institute
New Mexico State University
---
HP: http://dabcc-www.nmsu.edu/~chad/
DBP: http://dabcc-www.nmsu.edu/~chad/Debian/
SWAO: http://desertwinds.multipleimage.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
---------- Forwarded message ----------
Date: Mon, 10 Nov 1997 11:41:17 +0000 (MYT)
To: linuxsa <linuxsa@linuxsa.org.au>
Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)
<SNIP>
There is no known fix to the F0 0F C7 C8 bug at this time. What can be
done, however, is run a program, such as the script after my signature, to
locate any and all such programs. This script can be used in single
user mode after a mysterious lockup on a multiuser Pentium system.
I hope it is possible to come up with a software fix for this problem.
- Sam
"You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_
#!/usr/bin/perl
# There is no known software fix to the F0 0F C7 C8 bug at this time
# usage: finddeath dir
# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence
# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs
# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility
sub findit {
local($dir,$file,@files,$data) = @_;
undef $/;
if(!opendir(DIR,$dir)) {
print STDERR "Can not open $dir: $!\n";
return 0;
}
@files=readdir(DIR);
foreach $file (@files) {
if($file ne '.' && $file ne '..') {
if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
$data=<FILE>;
if($data =~ /\xf0\x0f\xc7\xc8/) {
print "$dir/$file contains F0 0F C7 C8\n";
}
} elsif( -d "$dir/$file") {
&findit("$dir/$file");
}
}
}
}
$dir = shift || '/home';
&findit($dir);
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
--
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: