system breach
Thomas Nyström
thn at saeab.se
Fri Dec 29 08:56:39 PST 2006
gareth wrote:
> On Thu 2006-12-28 (22:10), David Todd wrote:
>
>>something's up, nothing in ports will write to a /tmp/download
>>directory, so either you or someone with root access did it.

I just checked one of my servers and also found a /tmp/download
directory with the same files that you had.

I then compared the timestamp of /tmp/download with the timestamp
of the directories in /var/db/pkg: Same.

My conclusion is that during a portupgrade these files were written
there, directly or indirectly by portupgrade or the port itself.

About two years ago I cleaned up a system that really had a
system breach (through some PHP-based web application). I could
then find a directory in /tmp owned by www that contained a
complete distribution with configure script and the result of the
build. This /tmp/download doesn't look like that at all.

/thn
--
---------------------------------------------------------------
Svensk Aktuell Elektronik AB Thomas Nyström
Box 10 Phone: +46 8 35 92 85
S-191 21 Sollentuna Fax: +46 8 35 92 86
Sweden Email: thn at saeab.se
---------------------------------------------------------------
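
The timestamp comparison described in the message above, as an added example (not part of the original post and not portupgrade's own code): a shell function that lists package-database entries modified within a few minutes of a suspect directory. The function names, the 300-second default window and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage example: does a suspect directory share its modification
# time with entries in the package database, as a port upgrade would leave?

# Print a path's mtime as epoch seconds: GNU stat first, then BSD stat.
mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# pkgs_near_mtime TARGET PKGDB [WINDOW_SECONDS]
# Prints the names of PKGDB subdirectories whose mtime lies within
# WINDOW_SECONDS (default 300, an assumed value) of TARGET's mtime.
pkgs_near_mtime() {
    target=$1
    pkgdb=$2
    window=${3:-300}
    t=$(mtime "$target") || return 2
    for d in "$pkgdb"/*; do
        [ -d "$d" ] || continue
        m=$(mtime "$d") || continue
        delta=$((m - t))
        if [ "$delta" -lt 0 ]; then
            delta=$((0 - delta))
        fi
        if [ "$delta" -le "$window" ]; then
            basename "$d"
        fi
    done
}

# Constructed sample tree standing in for /tmp/download and /var/db/pkg.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/download" "$root/pkg/foo-1.0" "$root/pkg/bar-2.0"
    touch -t 200612280310 "$root/download"
    touch -t 200612280312 "$root/pkg/foo-1.0"   # upgraded in the same run
    touch -t 200611010900 "$root/pkg/bar-2.0"   # untouched for weeks
    echo "$root"
}

# Run as a script on the host: sh check.sh /tmp/download /var/db/pkg 600
if [ "$#" -ge 2 ]; then
    pkgs_near_mtime "$@"
fi
```

A match shows only that the directory changed during the same run as a package update; mtimes can be set arbitrarily, so weigh it together with ownership and contents, as the message does.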