I just wanted ot repost this from the Linux-security list. Thought it
might be helpful to some here. This was posted to Linux-security by Sam
Trenholme <set@reality.samiam.org>.
#!/usr/bin/perl
# There is no known software fix to the F0 0F C7 C8 bug at this time
# usage: finddeath dir
# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence
# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs
# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility
sub findit {
local($dir,$file,@files,$data) = @_;
undef $/;
if(!opendir(DIR,$dir)) {
print STDERR "Can not open $dir: $!\n";
return 0;
}
@files=readdir(DIR);
foreach $file (@files) {
if($file ne '.' && $file ne '..') {
if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
$data=<FILE>;
if($data =~ /\xf0\x0f\xc7\xc8/) {
print "$dir/$file contains F0 0F C7 C8\n";
}
} elsif( -d "$dir/$file") {
&findit("$dir/$file");
}
}
}
}
$dir = shift || '/home';
&findit($dir);