From owner-freebsd-stable@FreeBSD.ORG Fri Dec 29 18:16:09 2006
Return-Path:
X-Original-To: stable@freebsd.org
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id 4B26716A415
    for ; Fri, 29 Dec 2006 18:16:09 +0000 (UTC)
    (envelope-from jdc@koitsu.dyndns.org)
Received: from alnrmhc14.comcast.net (alnrmhc14.comcast.net [206.18.177.54])
    by mx1.freebsd.org (Postfix) with ESMTP id 22CC713C46C
    for ; Fri, 29 Dec 2006 18:16:09 +0000 (UTC)
    (envelope-from jdc@koitsu.dyndns.org)
Received: from icarus.home.lan (c-67-174-220-97.hsd1.ca.comcast.net[67.174.220.97])
    by comcast.net (alnrmhc14) with ESMTP id <20061229181607b1400mjkqje>;
    Fri, 29 Dec 2006 18:16:08 +0000
Received: by icarus.home.lan (Postfix, from userid 1000)
    id C58A11FA039; Fri, 29 Dec 2006 10:16:06 -0800 (PST)
Date: Fri, 29 Dec 2006 10:16:06 -0800
From: Jeremy Chadwick
To: stable@freebsd.org
Message-ID: <20061229181606.GA83815@icarus.home.lan>
Mail-Followup-To: stable@freebsd.org
References: <20061228231226.GA16587@lordcow.org>
    <20061229155845.GA1266@lordcow.org> <45954196.9040909@saeab.se>
    <20061229173916.GA3196@lordcow.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20061229173916.GA3196@lordcow.org>
X-PGP-Key: http://jdc.parodius.com/pubkey.asc
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc:
Subject: Re: system breach
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 29 Dec 2006 18:16:09 -0000

On Fri, Dec 29, 2006 at 07:39:16PM +0200, gareth wrote:
> oh. ok. well even though that's weird behaviour from a package it's
> more plausible since i haven't found anything else suspicious. are
> the timestamps exactly the same? i have 4 packages that're 20 minutes
> different.
> which of yours are the same? or was that for all files.
> (since i'd like to try and reproduce it).

Preface: I am not a portupgrade user, as I'm one of those admins who
believes that if the FreeBSD base system ports management database/
dependency structure is "flawed" or "ineffective" (which is apparently
the reason portupgrade maintains its own separate copy of ports
dependencies -- which continues to induce "why are my dependencies not
working" support mails to the ports mailing list) then the problem
should be fixed in the base system and not require reliance on a
third-party tool that induces more headaches.

(OK, I am off my soapbox now)

I've been following this thread and trying to track down what's been
reported (by two people at this point); that is, temporary ports
"stuff" getting stored in /tmp/download.

A `grep -r '/download$' /usr/ports` returns some results, but not very
many. Ones which could raise suspicion, but probably are not the cause,
are:

/usr/ports/biology/garlic/pkg-plist:%%PORTDOCS%%@dirrm %%DOCSDIR%%/download
/usr/ports/lang/diveintopython/Makefile:DIPDLDIR= ${DOCSDIR}/download
/usr/ports/lang/diveintopython/pkg-plist:@dirrm %%DOCSDIR%%/download
/usr/ports/sysutils/jailuser/pkg-plist:%%PORTDOCS%%%%DOCSDIR%%/download

Thus, I decided to go straight to the portupgrade source and look
through that. Nothing really shined through, but I did come across
something that may or may not help:

Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a
temporary storage location for where things are stored. Taken from
the manpage in pkgtools-2.2.2/man/pkg_fetch.1:

     PKG_TMPDIR
     TMPDIR      (In that order) Temporary directory where pkg_fetch
                 downloads files temporarily.  If neither is not
                 defined, ``/var/tmp'' is used.

Do either of the reporters have PKG_TMPDIR or TMPDIR defined in
make.conf, their own dotfiles, root's dotfiles, or within their
php.ini?
I'm wondering if maybe a PHP script is trying to do something with
pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/download")
before calling system("pkg_fetch ..."). Why a PHP script would do this,
I don't know, but it wouldn't surprise me.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |
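
Added example, not part of the original message or of portupgrade: a small sh script for the check asked about above. It resolves the temporary directory in the order quoted from pkg_fetch(1) and lists the lines in the named files that mention PKG_TMPDIR or TMPDIR. The default file paths and the treatment of an empty variable as undefined are assumptions.

```shell
#!/bin/sh
# Added example: find where PKG_TMPDIR or TMPDIR is being set.

# Resolve the directory in the order quoted from pkg_fetch(1):
# PKG_TMPDIR, then TMPDIR, then /var/tmp.
# Assumption: an empty variable is treated the same as an undefined one.
effective_tmpdir() {
    if [ -n "${PKG_TMPDIR:-}" ]; then
        printf '%s\n' "$PKG_TMPDIR"
    elif [ -n "${TMPDIR:-}" ]; then
        printf '%s\n' "$TMPDIR"
    else
        printf '%s\n' /var/tmp
    fi
}

# Print file:line:text for each line that names either variable as a
# whole word (so MY_TMPDIR does not match), skipping lines that start
# with # or ;. This catches make.conf assignments, sh "export",
# csh "setenv" and PHP putenv() alike. Unreadable files are skipped.
find_tmpdir_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -nE '(^|[^A-Za-z0-9_])(PKG_TMPDIR|TMPDIR)([^A-Za-z0-9_]|$)' "$f" |
            grep -vE '^[0-9]+:[[:space:]]*[#;]' |
            while IFS= read -r hit; do
                printf '%s:%s\n' "$f" "$hit"
            done
    done
}

# Assumed default locations; pass other files (user dotfiles, PHP
# scripts) as arguments to check those instead.
[ "$#" -gt 0 ] || set -- /etc/make.conf /root/.profile /root/.cshrc \
    "$HOME/.profile" "$HOME/.cshrc" /usr/local/etc/php.ini
echo "temporary directory in this environment: $(effective_tmpdir)"
find_tmpdir_settings "$@"
```

Run it as root and as the user the web server runs as, since each account's environment can resolve to a different directory.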