[1658] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Perl script to locate F0 0F C7 C8 bombs

daemon@ATHENA.MIT.EDU (Sam Trenholme)
Sun Nov 9 18:35:35 1997

Date: Fri, 7 Nov 1997 13:03:23 -0800 (PST)
From: Sam Trenholme <set@reality.samiam.org>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


There is no known fix to the F0 0F C7 C8 bug at this time.  What can be
done, however, is run a program, such as the script after my signature, to
locate any and all such programs.  This script can be used in single
user mode after a mysterious lockup on a multiuser Pentium system.

I hope it is possible to come up with a software fix for this problem.

- Sam

"You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_

#!/usr/bin/perl 

# There is no known software fix to the F0 0F C7 C8 bug at this time

# usage: finddeath dir

# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence

# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs

# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility 

sub findit {

  local($dir,$file,@files,$data) = @_;

  undef $/;

  if(!opendir(DIR,$dir)) {
    print STDERR "Can not open $dir: $!\n";
    return 0;
    }

  @files=readdir(DIR);

  foreach $file (@files) {
    if($file ne '.' && $file ne '..') {
      if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
        $data=<FILE>;
        if($data =~ /\xf0\x0f\xc7\xc8/) {
          print "$dir/$file contains F0 0F C7 C8\n";
          }
        } elsif( -d "$dir/$file") {
          &findit("$dir/$file");
        }
      }
    }

  }

$dir = shift || '/home';

&findit($dir);
    

-- 
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post