system breach

Thomas Nyström thn at
Fri Dec 29 08:56:39 PST 2006

gareth wrote:
> On Thu 2006-12-28 (22:10), David Todd wrote:
>>something's up, nothing in ports will write to a /tmp/download
>>directory, so either you or someone with root access did it.

I just checked one of my servers and also found a /tmp/download
directory with the same files that you had.

I then compared the timestamp of /tmp/download with the timestamp
of the directories in /var/db/pkg: Same.

My conclusion is that during a portupgrade these files were written
there, directly or indirectly by portupgrade or the port itself.

About two years ago I cleaned up a system that really had a
system breach (through some php-based webapplication). I could
then find a directory in /tmp owned by www that contains a
complete distribution with configurescript and the result of the
build.  This /tmp/download doesn't look like that at all.


Svensk Aktuell Elektronik AB                     Thomas Nyström
Box 10                                    Phone: +46 8 35 92 85
S-191 21  Sollentuna                        Fax: +46 8 35 92 86
Sweden                                      Email: thn at

More information about the freebsd-stable mailing list