system breach

Jeremy Chadwick koitsu at
Fri Dec 29 10:16:09 PST 2006

On Fri, Dec 29, 2006 at 07:39:16PM +0200, gareth wrote:
> oh. ok. well even though that's weird behaviour from a package it's
> more plausible since i haven't found anything else suspicious. are
> the timestamps exactly the same? i have 4 packages that're 20 minutes
> different. which of yours are the same? or was that for all files.
> (since i'd like to try and reproduce it).

Preface: I am not a portupgrade user, as I'm one of those admins
who believes that if the FreeBSD base system ports management
database/dependency structure is "flawed" or "ineffective" (which is
apparently the reason portupgrade maintains its own separate copy
of ports dependencies -- which continues to induce "why are my
dependencies not working" support mails to the ports mailing list)
then the problem should be fixed in the base system and not require
reliance on a third-party tool that induces more headaches.  (OK, I
am off my soapbox now)

I've been following this thread and trying to track down what's been
reported (by two people at this point); that is, temporary ports
"stuff" getting stored in /tmp/download.

A `grep -r '/download$' /usr/ports` returns some results, but not
very many.  Ones which could raise suspicion, but probably are not
the cause, are:

/usr/ports/biology/garlic/pkg-plist:%%PORTDOCS%%@dirrm %%DOCSDIR%%/download
/usr/ports/lang/diveintopython/Makefile:DIPDLDIR=	${DOCSDIR}/download
/usr/ports/lang/diveintopython/pkg-plist:@dirrm %%DOCSDIR%%/download

Thus, I decided to go straight to the portupgrade source and look
through that.  Nothing really shined through, but I did come across
something that may or may not help:

Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a
temporary storage location for where things are stored.  Taken from
the manpage in pkgtools-2.2.2/man/pkg_fetch.1:

  TMPDIR         (In that order) Temporary directory where pkg_fetch down-
                 loads files temporarily.  If neither is not defined,
                 ``/var/tmp'' is used.

Do either of the reporters have PKG_TMPDIR or TMPDIR defined in
make.conf, their own dotfiles, root's dotfiles, or within their

I'm wondering if maybe a PHP script is trying to do something with
pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/download")
before calling system("pkg_fetch ...").  Why a PHP script would do
this, I don't know, but it wouldn't surprise me.

| Jeremy Chadwick                                 jdc at |
| Parodius Networking               |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |
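
The check asked about in the message above, as an added example that is not part of the original post or of portupgrade: it resolves the download directory in the order the quoted manpage gives, and lists the lines that set PKG_TMPDIR or TMPDIR in whatever files it is given. The function names, the matching pattern and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not taken from portupgrade or the original post.

# Directory pkg_fetch would download into, using the order the quoted
# manpage gives: PKG_TMPDIR, then TMPDIR, otherwise /var/tmp.
effective_tmpdir() {
    if [ -n "${PKG_TMPDIR:-}" ]; then printf '%s\n' "$PKG_TMPDIR"
    elif [ -n "${TMPDIR:-}" ]; then printf '%s\n' "$TMPDIR"
    else printf '%s\n' /var/tmp
    fi
}

# Assumed pattern: matches assignments only (sh, make, csh setenv, and
# setenv()/putenv() calls), not expansions such as $TMPDIR or ${PKG_TMPDIR}.
SET_RE='(^|[^A-Za-z0-9_${])(PKG_)?TMPDIR("?[[:space:]]*[,=]|[[:space:]]*[?:+]=|[[:space:]]+[^[:space:]])'

# Print file:line:text for each non-comment line that sets either variable.
# Unreadable or missing files are skipped.
find_tmpdir_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -nE "$SET_RE" "$f" /dev/null |
            grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || :
    done
}

# Constructed sample files standing in for make.conf, a csh dotfile and a
# PHP script (the call is worded as in the post). On a real host, pass the
# actual make.conf, user dotfiles and root's dotfiles instead.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# TMPDIR=/old' 'WRKDIRPREFIX=/usr/obj' > "$d/make.conf"
    printf '%s\n' 'setenv TMPDIR /tmp/download' 'cd $TMPDIR' > "$d/cshrc"
    printf '%s\n' '<?php setenv("PKG_TMPDIR", "/tmp/download");' > "$d/x.php"
    find_tmpdir_settings "$d/make.conf" "$d/cshrc" "$d/x.php" "$d/missing"
    rm -rf "$d"
}

demo
echo "effective: $(effective_tmpdir)"
```

Run as the account that invokes pkg_fetch, since the effective directory depends on that account's environment.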

More information about the freebsd-stable mailing list