Here is a script that I got from another list I am on. May be of use to some peple here.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Chad D. Zimmerman [EMAIL PROTECTED] Southwest Technology Development Institute New Mexico State University --- HP: http://dabcc-www.nmsu.edu/~chad/ DBP: http://dabcc-www.nmsu.edu/~chad/Debian/ SWAO: http://desertwinds.multipleimage.com/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ---------- Forwarded message ---------- Date: Mon, 10 Nov 1997 11:41:17 +0000 (MYT) To: linuxsa <[EMAIL PROTECTED]> Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs (fwd) <SNIP> There is no known fix to the F0 0F C7 C8 bug at this time. What can be done, however, is run a program, such as the script after my signature, to locate any and all such programs. This script can be used in single user mode after a mysterious lockup on a multiuser Pentium system. I hope it is possible to come up with a software fix for this problem. - Sam "You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_ #!/usr/bin/perl # There is no known software fix to the F0 0F C7 C8 bug at this time # usage: finddeath dir # where dir is the directory you recursively look at all programs in # for instances of the F0 0F C7 C8 sequence # This script will search for programs with this sequence, which will # help sysadmins take appropriate action against those running such # programs # This script is written (but has not been tested) in Perl4, to # insure maximum compatibility sub findit { local($dir,$file,@files,$data) = @_; undef $/; if(!opendir(DIR,$dir)) { print STDERR "Can not open $dir: $!\n"; return 0; } @files=readdir(DIR); foreach $file (@files) { if($file ne '.' && $file ne '..') { if( -f "$dir/$file" && open(FILE,"< $dir/$file")) { $data=<FILE>; if($data =~ /\xf0\x0f\xc7\xc8/) { print "$dir/$file contains F0 0F C7 C8\n"; } } elsif( -d "$dir/$file") { &findit("$dir/$file"); } } } } $dir = shift || '/home'; &findit($dir); -- ---------------------------------------------------------------------- Please refere to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. ---------------------------------------------------------------------- -- Check out the LinuxSA web pages at http://www.linuxsa.org.au/ To unsubscribe from the LinuxSA list: mail [EMAIL PROTECTED] with "unsubscribe" as the subject ____________________________________________________________________ -------------------------------------------------------------------- Join The Web Consultants Association : Register on our web site Now Web Consultants Web Site : http://just4u.com/webconsultants If you lose the instructions All subscription/unsubscribing can be done directly from our website for all our lists. --------------------------------------------------------------------- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .