[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

WC:>: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)

Here is a script that I got from another list I am on.  May be of use to
some peple here.

Chad D. Zimmerman				    chad@dabcc-www.nmsu.edu
Southwest Technology Development Institute
New Mexico State University
HP: http://dabcc-www.nmsu.edu/~chad/
DBP: http://dabcc-www.nmsu.edu/~chad/Debian/
SWAO: http://desertwinds.multipleimage.com/

---------- Forwarded message ----------
Date: Mon, 10 Nov 1997 11:41:17 +0000 (MYT)
To: linuxsa <linuxsa@linuxsa.org.au>
Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd)

There is no known fix to the F0 0F C7 C8 bug at this time.  What can be
done, however, is run a program, such as the script after my signature, to
locate any and all such programs.  This script can be used in single
user mode after a mysterious lockup on a multiuser Pentium system.

I hope it is possible to come up with a software fix for this problem.

- Sam

"You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_


# There is no known software fix to the F0 0F C7 C8 bug at this time

# usage: finddeath dir

# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence

# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs

# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility 

sub findit {

  local($dir,$file,@files,$data) = @_;

  undef $/;

  if(!opendir(DIR,$dir)) {
    print STDERR "Can not open $dir: $!\n";
    return 0;


  foreach $file (@files) {
    if($file ne '.' && $file ne '..') {
      if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
        if($data =~ /\xf0\x0f\xc7\xc8/) {
          print "$dir/$file contains F0 0F C7 C8\n";
        } elsif( -d "$dir/$file") {


$dir = shift || '/home';


Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.

Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

 Join The Web Consultants Association :  Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: