Date: Fri, 29 Dec 2006 10:16:06 -0800 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: stable@freebsd.org Subject: Re: system breach Message-ID: <20061229181606.GA83815@icarus.home.lan> In-Reply-To: <20061229173916.GA3196@lordcow.org> References: <20061228231226.GA16587@lordcow.org> <b91012310612282010m22a6bbdbp97bf7bdecca1530@mail.gmail.com> <20061229155845.GA1266@lordcow.org> <45954196.9040909@saeab.se> <20061229173916.GA3196@lordcow.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 29, 2006 at 07:39:16PM +0200, gareth wrote:
> oh. ok. well even though that's weird behaviour from a package it's
> more plausible since i haven't found anything else suspicious. are
> the timestamps exactly the same? i have 4 packages that're 20 minutes
> different. which of yours are the same? or was that for all files.
> (since i'd like to try an reproduce it).
Preface: I am not a portupgrade user, as I'm one of those admins
who believes that if the FreeBSD base system ports management data-
base/dependancy structure is "flawed" or "ineffective" (which is
apparently the reason portupgrade maintains its own separate copy
of ports dependancies -- which continues to induce "why are my
dependancies not working" support mails to the ports mailing list)
then the problem should be fixed in the base system and not require
reliance on a third-party tool that induces more headaches. (OK, I
am off my soapbox now)
I've been following this thread and trying to track down what's been
reported (by two people at this point); that is, temporary ports
"stuff" getting stored in /tmp/download.
A `grep -r '/download$' /usr/ports` returns some results, but not
very many. Ones which could raise suspicion, but probably are not
the cause, are:
/usr/ports/biology/garlic/pkg-plist:%%PORTDOCS%%@dirrm %%DOCSDIR%%/download
/usr/ports/lang/diveintopython/Makefile:DIPDLDIR= ${DOCSDIR}/download
/usr/ports/lang/diveintopython/pkg-plist:@dirrm %%DOCSDIR%%/download
/usr/ports/sysutils/jailuser/pkg-plist:%%PORTDOCS%%%%DOCSDIR%%/download
Thus, I decided to go straight to the portupgrade source and look
through that. Nothing really shined through, but I did come across
something that may or may not help:
Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a
temporary storage location for where things are stored. Taken from
the manpage in pkgtools-2.2.2/man/pkg_fetch.1:
PKG_TMPDIR
TMPDIR (In that order) Temporary directory where pkg_fetch down-
loads files temporarily. If neither is not defined,
``/var/tmp'' is used.
Do either of the reporters have PKG_TMPDIR or TMPDIR defined in
make.conf, their own dotfiles, root's dotfiles, or within their
php.ini?
I'm wondering if maybe a PHP script is trying to do something with
pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/download")
before calling system("pkg_fetch ..."). Why a PHP script would do
this, I don't know, but it wouldn't surprise me.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061229181606.GA83815>