Date:      Fri, 29 Dec 2006 19:53:12 +0100
From:      Thomas Nyström <thn@saeab.se>
To:        Jeremy Chadwick <koitsu@freebsd.org>
Cc:        stable@freebsd.org
Subject:   Re: system breach
Message-ID:  <45956418.8080805@saeab.se>
In-Reply-To: <20061229181606.GA83815@icarus.home.lan>
References:  <20061228231226.GA16587@lordcow.org>	<b91012310612282010m22a6bbdbp97bf7bdecca1530@mail.gmail.com>	<20061229155845.GA1266@lordcow.org> <45954196.9040909@saeab.se>	<20061229173916.GA3196@lordcow.org> <20061229181606.GA83815@icarus.home.lan>

Jeremy Chadwick wrote:
>
> I've been following this thread and trying to track down what's been
> reported (by two people at this point); that is, temporary ports
> "stuff" getting stored in /tmp/download.
> 
> A `grep -r '/download$' /usr/ports` returns some results, but not
> very many.  Ones which could raise suspicion, but probably are not
> the cause, are:
> 
> /usr/ports/biology/garlic/pkg-plist:%%PORTDOCS%%@dirrm %%DOCSDIR%%/download
> /usr/ports/lang/diveintopython/Makefile:DIPDLDIR=	${DOCSDIR}/download
> /usr/ports/lang/diveintopython/pkg-plist:@dirrm %%DOCSDIR%%/download
> /usr/ports/sysutils/jailuser/pkg-plist:%%PORTDOCS%%%%DOCSDIR%%/download
> 
> Thus, I decided to go straight to the portupgrade source and look
> through that.  Nothing really shined through, but I did come across
> something that may or may not help:
> 
> Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a
> temporary storage location for where things are stored.  Taken from
> the manpage in pkgtools-2.2.2/man/pkg_fetch.1:
> 
>   PKG_TMPDIR
>   TMPDIR         (In that order) Temporary directory where pkg_fetch down-
>                  loads files temporarily.  If neither is not defined,
>                  ``/var/tmp'' is used.
> 
> Do either of the reporters have PKG_TMPDIR or TMPDIR defined in
> make.conf, their own dotfiles, root's dotfiles, or within their
> php.ini?

Nope.

> I'm wondering if maybe a PHP script is trying to do something with
> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/download")
> before calling system("pkg_fetch ...").  Why a PHP script would do
> this, I don't know, but it wouldn't surprise me.
> 

See my other mail about a suspicious port (pear-1.4.11).

/thn

-- 
---------------------------------------------------------------
Svensk Aktuell Elektronik AB                     Thomas Nyström
Box 10                                    Phone: +46 8 35 92 85
S-191 21  Sollentuna                        Fax: +46 8 35 92 86
Sweden                                      Email: thn@saeab.se
---------------------------------------------------------------
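
The check asked about in the quoted message can be scripted. The following is an added example, not part of the original e-mail or of pkgtools: it resolves the temporary directory in the order the quoted pkg_fetch(1) text gives and lists non-comment lines that mention PKG_TMPDIR or TMPDIR in the files it is given. The function names, the default file paths and the reading of "defined" as "set in the environment" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from pkgtools).

# Print the directory pkg_fetch would use, following the order quoted from
# pkg_fetch(1): PKG_TMPDIR, then TMPDIR, then /var/tmp.
# Assumption: "defined" means the variable is set, even if it is empty.
effective_pkg_tmpdir() {
    printf '%s\n' "${PKG_TMPDIR-${TMPDIR-/var/tmp}}"
}

# Print "file:line:text" for every non-comment line that mentions
# PKG_TMPDIR or TMPDIR as a whole word. This covers make.conf assignments,
# sh/csh dotfile settings and a quoted name passed to a call in a script.
# Unreadable or missing files are skipped.
find_tmpdir_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '
            # Skip comment lines: "#" in make.conf and dotfiles, ";" in php.ini.
            /^[ \t]*[#;]/ { next }
            /(^|[^A-Za-z0-9_])(PKG_)?TMPDIR([^A-Za-z0-9_]|$)/ {
                printf "%s:%d:%s\n", FILENAME, FNR, $0
            }
        ' "$f"
    done
}

# Run as: sh check_tmpdir.sh scan
# The file list is an assumed set of usual locations; adjust it per host.
if [ "${1:-}" = scan ]; then
    echo "pkg_fetch temporary directory here: $(effective_pkg_tmpdir)"
    find_tmpdir_settings /etc/make.conf \
        "$HOME/.profile" "$HOME/.cshrc" "$HOME/.login" \
        /root/.profile /root/.cshrc /root/.login \
        /usr/local/etc/php.ini
fi
```

Run it both as the user who normally invokes portupgrade and as root, since each environment can define the variables differently.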


