system breach
Thomas Nyström
thn at saeab.se
Fri Dec 29 10:53:04 PST 2006
Jeremy Chadwick wrote:
>
> I've been following this thread and trying to track down what's been
> reported (by two people at this point); that is, temporary ports
> "stuff" getting stored in /tmp/download.
>
> A `grep -r '/download$' /usr/ports` returns some results, but not
> very many. Ones which could raise suspicion, but probably are not
> the cause, are:
>
> /usr/ports/biology/garlic/pkg-plist:%%PORTDOCS%%@dirrm %%DOCSDIR%%/download
> /usr/ports/lang/diveintopython/Makefile:DIPDLDIR= ${DOCSDIR}/download
> /usr/ports/lang/diveintopython/pkg-plist:@dirrm %%DOCSDIR%%/download
> /usr/ports/sysutils/jailuser/pkg-plist:%%PORTDOCS%%%%DOCSDIR%%/download
>
> Thus, I decided to go straight to the portupgrade source and look
> through that. Nothing really shined through, but I did come across
> something that may or may not help:
>
> Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a
> temporary storage location for where things are stored. Taken from
> the manpage in pkgtools-2.2.2/man/pkg_fetch.1:
>
> PKG_TMPDIR
> TMPDIR (In that order) Temporary directory where pkg_fetch down-
> loads files temporarily. If neither is not defined,
> ``/var/tmp'' is used.
>
> Do either of the reporters have PKG_TMPDIR or TMPDIR defined in
> make.conf, their own dotfiles, root's dotfiles, or within their
> php.ini?
Nope.
> I'm wondering if maybe a PHP script is trying to do something with
> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/download")
> before calling system("pkg_fetch ..."). Why a PHP script would do
> this, I don't know, but it wouldn't surprise me.
>
See my other mail about a suspicous port (pear-1.4.11)
/thn
--
---------------------------------------------------------------
Svensk Aktuell Elektronik AB Thomas Nyström
Box 10 Phone: +46 8 35 92 85
S-191 21 Sollentuna Fax: +46 8 35 92 86
Sweden Email: thn at saeab.se
---------------------------------------------------------------
More information about the freebsd-stable
mailing list