From owner-freebsd-security Sun Nov 9 15:35:53 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA14545 for security-outgoing; Sun, 9 Nov 1997 15:35:53 -0800 (PST) (envelope-from owner-freebsd-security) Received: from cwsys.cwsent.com (66@cschuber.net.gov.bc.ca [142.31.240.113]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA14537; Sun, 9 Nov 1997 15:35:36 -0800 (PST) (envelope-from cy@cwsys.cwsent.com) Received: (from uucp@localhost) by cwsys.cwsent.com (8.8.8/8.6.10) id PAA18013; Sun, 9 Nov 1997 15:35:28 -0800 (PST) Message-Id: <199711092335.PAA18013@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpd018003; Sun Nov 9 23:34:28 1997 X-Mailer: exmh version 2.0gamma 1/27/96 Reply-to: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: cy To: freebsd-security@freebsd.org cc: security-officer@freebsd.org Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 09 Nov 1997 15:34:27 -0800 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Here's a little Perl script that may make postmortums a little easier. There's one error in it. The line containing if($data =~ /\xf0\x0f\xc7\xc8/) { should be replaced with if($data =~ /\xf0\x0f\xc7[\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf]/) { as any LOCK CMPXCHG8B opcode with a direct register reference (invalid as cou cannot compare and swap a 64 bit value with a 32 bit value) will cause the P5 chip hangs, e.g. LOCK CMPXCHG8B %EAX or LOCK CMPXCHG8B %EDX. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca Cy.Schubert@gems8.gov.bc.ca "Quit spooling around, JES do it." ------- Forwarded Message Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id OAA22578 for ; Sun, 9 Nov 1997 14:59:21 -0800 (PST) X-UIDL: 879117126.003 Resent-Message-Id: <199711092259.OAA22578@passer.osg.gov.bc.ca> Received: from localhost(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost, id smtpdaawBqa; Sun Nov 9 14:59:11 1997 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id OAA23054 for ; Sun, 9 Nov 1997 14:58:51 -0800 (PST) Received: from orca.gov.bc.ca(142.32.102.25) via SMTP by passer.osg.gov.bc.ca, id smtpdaawBga; Sun Nov 9 14:58:32 1997 Received: from mail2.redhat.com by orca.gov.bc.ca (5.4R3.10/200.1.1.4) id AA16352; Sun, 9 Nov 1997 14:58:31 -0800 Received: (qmail 10538 invoked by uid 501); 9 Nov 1997 22:58:29 -0000 Prev-Resent-Date: 9 Nov 1997 22:58:29 -0000 Prev-Resent-Cc: recipient.list.not.shown.;@uumail.gov.bc.ca Mbox-Line: From linux-security-request@redhat.com Sun Nov 9 17:58:28 1997 X-Pop3-Rcpt: t757607@helium Date: Fri, 7 Nov 1997 13:03:23 -0800 (PST) From: Sam Trenholme To: linux-security@redhat.com Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Prev-Resent-Message-Id: <"uM3Km3.0.Ka2.K0aPq"@mail2.redhat.com> Prev-Resent-From: linux-security@redhat.com Reply-To: linux-security@redhat.com X-Mailing-List: archive/latest/341 X-Loop: linux-security@redhat.com Precedence: list Prev-Resent-Sender: linux-security-request@redhat.com Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs Resent-To: cy@passer.osg.gov.bc.ca Resent-Date: Sun, 09 Nov 1997 14:59:10 -0800 Resent-From: Cy Schubert - ITSD Open Systems Group There is no known fix to the F0 0F C7 C8 bug at this time. What can be done, however, is run a program, such as the script after my signature, to locate any and all such programs. This script can be used in single user mode after a mysterious lockup on a multiuser Pentium system. I hope it is possible to come up with a software fix for this problem. - - Sam "You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_ #!/usr/bin/perl # There is no known software fix to the F0 0F C7 C8 bug at this time # usage: finddeath dir # where dir is the directory you recursively look at all programs in # for instances of the F0 0F C7 C8 sequence # This script will search for programs with this sequence, which will # help sysadmins take appropriate action against those running such # programs # This script is written (but has not been tested) in Perl4, to # insure maximum compatibility sub findit { local($dir,$file,@files,$data) = @_; undef $/; if(!opendir(DIR,$dir)) { print STDERR "Can not open $dir: $!\n"; return 0; } @files=readdir(DIR); foreach $file (@files) { if($file ne '.' && $file ne '..') { if( -f "$dir/$file" && open(FILE,"< $dir/$file")) { $data=; if($data =~ /\xf0\x0f\xc7\xc8/) { print "$dir/$file contains F0 0F C7 C8\n"; } } elsif( -d "$dir/$file") { &findit("$dir/$file"); } } } } $dir = shift || '/home'; &findit($dir); - -- - ---------------------------------------------------------------------- Please refere to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. - ---------------------------------------------------------------------- To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null ------- End of Forwarded Message