system breach

Brandon S. Allbery KF8NH allbery at
Fri Dec 29 11:40:26 PST 2006

On Dec 29, 2006, at 13:53 , Thomas Nyström wrote:

>> I'm wondering if maybe a PHP script is trying to do something with
>> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/ 
>> download")
>> before calling system("pkg_fetch ...").  Why a PHP script would do
>> this, I don't know, but it wouldn't surprise me.
> See my other mail about a suspicous port (pear-1.4.11)

PEAR would also make sense; it's a (apparently lamer, at least  
security-wise; then again, it *is* PHP :> ) CPAN-alike for PHP.

brandon s. allbery    [linux,solaris,freebsd,perl]     allbery at
system administrator [openafs,heimdal,too many hats] allbery at
electrical and computer engineering, carnegie mellon university    KF8NH

More information about the freebsd-stable mailing list