Re: system breach

2006-12-29 Thread Patrick Okui
On Friday 29 December 2006 21:50, Brandon S. Allbery KF8NH wrote: > That looks like CPAN to me. pear is actually like CPAN - but for PHP. I didn't have the said download directory on my FreeBSD 6.1-STABLE machine, but going to /usr/ports/devel/pear and doing make all install clean sure does cre

Re: system breach

2006-12-29 Thread jonathan michaels
gareth On Fri, Dec 29, 2006 at 10:54:36PM +0200, gareth wrote: > On Fri 2006-12-29 (10:16), Jeremy Chadwick wrote: with regards to you last post to me (personal) i had installed freebsd v6.1-release and setup xwindows (both kde & gnome) desktop environments, then left the machine sit and settle.

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (10:16), Jeremy Chadwick wrote: > Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a > temporary storage location for where things are stored. Taken from > the manpage in pkgtools-2.2.2/man/pkg_fetch.1: > > PKG_TMPDIR > TMPDIR (In that order) Temporary

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (19:48), Thomas Nyström wrote: > It looks like this: > > ture(root)# dir > total 50 > drwxrwxr-x 5 root wheel 512 29 Aug 16:29 ./ > drwxrwxrwt 11 root wheel 3072 29 Dec 19:35 ../ > drwxrwxr-x 4 root wheel 512 29 Aug 16:29 Archive_Tar-1.3.1/ > drwxrwxr-x 3 root

Re: system breach

2006-12-29 Thread Brandon S. Allbery KF8NH
On Dec 29, 2006, at 13:53 , Thomas Nyström wrote: I'm wondering if maybe a PHP script is trying to do something with pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/ download") before calling system("pkg_fetch ..."). Why a PHP script would do this, I don't know, but it wouldn't

Re: system breach

2006-12-29 Thread Brandon S. Allbery KF8NH
On Dec 29, 2006, at 13:48 , Thomas Nyström wrote: ture(root)# dir total 50 drwxrwxr-x 5 root wheel 512 29 Aug 16:29 ./ drwxrwxrwt 11 root wheel 3072 29 Dec 19:35 ../ drwxrwxr-x 4 root wheel 512 29 Aug 16:29 Archive_Tar-1.3.1/ drwxrwxr-x 3 root wheel 512 29 Aug 16:29 Consol

Re: system breach

2006-12-29 Thread Thomas Nyström
Jeremy Chadwick wrote: > I've been following this thread and trying to track down what's been reported (by two people at this point); that is, temporary ports "stuff" getting stored in /tmp/download. A `grep -r '/download$' /usr/ports` returns some results, but not very many. Ones which could r

Re: system breach

2006-12-29 Thread Thomas Nyström
gareth wrote: On Fri 2006-12-29 (17:25), Thomas Nyström wrote: I just checked one of my servers and also found a /tmp/download directory with the same files that you had. I then compared the timestamp of /tmp/download with the timestamp of the directories in /var/db/pkg: Same. My conclusion i

Re: system breach

2006-12-29 Thread Jeremy Chadwick
On Fri, Dec 29, 2006 at 07:39:16PM +0200, gareth wrote: > oh. ok. well even though that's weird behaviour from a package it's > more plausible since i haven't found anything else suspicious. are > the timestamps exactly the same? i have 4 packages that're 20 minutes > different. which of yours are

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (17:25), Thomas Nyström wrote: > I just checked one of my servers and also found a /tmp/download > directory with the same files that you had. > > I then compared the timestamp of /tmp/download with the timestamp > of the directories in /var/db/pkg: Same. > > My conclusion is th
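The timestamp check Thomas describes above (and gareth's follow-up about entries that differ by 20 minutes) can be done systematically rather than by eye. The script below is an added example, not code from the thread: it takes a suspect directory and a package database directory, and for every entry in the suspect directory lists the package-db entries whose mtime falls within a tolerance window. The fixture paths, the `Console_Getopt-1.2` name and the epoch values are constructed for the example; on a real box you would point it at `/tmp/download` and `/var/db/pkg`.

```python
"""Correlate entries of a suspect directory against a package database by mtime.

Added example for the "/tmp/download vs /var/db/pkg" check from the thread.
A suspect entry with no package-db match at (roughly) the same time was not
left behind by a ports/package build at that moment and deserves a closer look.
"""
import os
import tempfile
from pathlib import Path


def entries_mtime(directory):
    """Return {name: mtime_seconds} for the immediate children of directory."""
    return {p.name: int(p.stat().st_mtime) for p in Path(directory).iterdir()}


def correlate(suspect_dir, pkg_db, tolerance=0):
    """Map each entry of suspect_dir to the sorted list of pkg_db entries whose
    mtime is within `tolerance` seconds (0 = exact match, 1200 = 20 minutes).
    An empty list means nothing in the package database was touched then."""
    pkgs = entries_mtime(pkg_db)
    result = {}
    for name, mtime in entries_mtime(suspect_dir).items():
        result[name] = sorted(p for p, t in pkgs.items() if abs(t - mtime) <= tolerance)
    return result


def build_fixture():
    """Constructed fixture standing in for /tmp/download and /var/db/pkg.

    Archive_Tar-1.3.1 is the name seen in the thread; the other names and the
    epoch values are invented for the example."""
    root = Path(tempfile.mkdtemp())
    download = root / "download"
    pkgdb = root / "pkg"
    download.mkdir()
    pkgdb.mkdir()
    t = 1161613740  # arbitrary base time (2006-10-23), constructed
    suspect = [("Archive_Tar-1.3.1", t), ("Console_Getopt-1.2", t + 60), ("odd_dir", t + 86400)]
    packages = [("pear-Archive_Tar-1.3.1", t), ("pear-Console_Getopt-1.2", t + 60), ("bash-3.1.17", t - 7200)]
    for base, items in ((download, suspect), (pkgdb, packages)):
        for name, ts in items:
            d = base / name
            d.mkdir()
            os.utime(d, (ts, ts))  # set atime/mtime after mkdir so the value sticks
    return download, pkgdb


if __name__ == "__main__":
    # Real use: correlate("/tmp/download", "/var/db/pkg", tolerance=1200)
    d, p = build_fixture()
    for name, matches in correlate(d, p, tolerance=1200).items():
        print(f"{name}: {matches or 'NO MATCH - investigate'}")
```

Entries that match a package-db directory to the second are consistent with having been created by the same install run; an entry like `odd_dir` above, with no match even at a 20-minute tolerance, is the one to look at next (owner, contents, and whether any process referenced it).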

Re: system breach

2006-12-29 Thread Thomas Nyström
y had a system breach (through some php-based webapplication). I could then find a directory in /tmp owned by www that contains a complete distribution with configurescript and the result of the build. This /tmp/download doesn't look like that at

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (11:07), Matthew Seaman wrote: > > Oct 23 00:31:42 lordcow kernel: pid 48464 (conftest), uid 0: exited on > > signal 12 (core dumped) > > Oct 23 01:19:26 lordcow kernel: pid 17512 (conftest), uid 0: exited on > > signal 12 (core dumped) > > These are from autoconf testing vario

Re: system breach

2006-12-29 Thread gareth
On Thu 2006-12-28 (22:10), David Todd wrote: > something's up, nothing in ports will write to a /tmp/download > directory, so either you or someone with root access did it. thought as much :/ > I suggest: > checking /var/log/auth.log for attempted breachings i had a rough skim and nothing suspic

Re: system breach

2006-12-29 Thread David Todd
something's up, nothing in ports will write to a /tmp/download directory, so either you or someone with root access did it. I suggest: checking /var/log/auth.log for attempted breachings run sockstat and look for processes with ports open that shouldn't have ports open. conftest cores usually
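For the first of David's suggestions, skimming auth.log by hand misses the pattern that matters most: a source that fails repeatedly and then gets an "Accepted" line. The script below is an added example, not code from the thread; it runs over a handful of constructed sshd/su lines in FreeBSD syslog format (host name `lordcow` taken from gareth's messages, addresses and PIDs invented) and flags accepted logins that follow failures from the same source, or root logins by password.

```python
"""Triage sshd entries from /var/log/auth.log.

Added example: counts failed logins per source address, collects accepted
logins, and flags the ones worth a second look (source that previously failed,
or root accepted by password). Sample lines are constructed, not real log data.
"""
import re
from collections import Counter

SAMPLE_AUTH_LOG = """\
Dec 28 03:12:01 lordcow sshd[48211]: Failed password for root from 192.0.2.10 port 51422 ssh2
Dec 28 03:12:04 lordcow sshd[48211]: Failed password for root from 192.0.2.10 port 51422 ssh2
Dec 28 03:12:09 lordcow sshd[48215]: Failed password for invalid user admin from 192.0.2.10 port 51430 ssh2
Dec 28 09:40:12 lordcow sshd[50102]: Accepted publickey for gareth from 198.51.100.7 port 40122 ssh2
Dec 28 22:05:33 lordcow sshd[52333]: Accepted password for root from 192.0.2.10 port 52001 ssh2
Dec 28 22:06:01 lordcow su: gareth to root on /dev/ttyp0
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def triage(log_text):
    """Return failed-login counts per source, accepted logins, and the suspicious subset."""
    failed = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append({"method": m.group(1), "user": m.group(2), "src": m.group(3), "line": line})
    suspicious = [
        a for a in accepted
        if failed[a["src"]] > 0 or (a["user"] == "root" and a["method"] == "password")
    ]
    return {"failed_by_source": dict(failed), "accepted": accepted, "suspicious": suspicious}


if __name__ == "__main__":
    # Real use: triage(open("/var/log/auth.log").read())
    report = triage(SAMPLE_AUTH_LOG)
    print("failed attempts by source:", report["failed_by_source"])
    for a in report["suspicious"]:
        print("SUSPICIOUS:", a["line"])
```

The `su` line is left unparsed on purpose here; it is the sort of entry you read in context once the sshd side has told you which session to look at. Pair the output with `sockstat -4l` (the second suggestion above) to see whether anything is listening that the accepted session could have left behind.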

Re: system breach

2006-12-29 Thread Matthew Seaman
gareth wrote: > Oct 23 00:31:42 lordcow kernel: pid 48464 (conftest), uid 0: exited on signal > 12 (core dumped) > Oct 23 01:19:26 lordcow kernel: pid 17512 (conftest), uid 0: exited on signal > 12 (core dumped) These are from autoconf testing various capabilities of the system to do with signa

system breach

2006-12-28 Thread gareth
hey guys, my server rebooted a few days ago, and while i was looking around for possible reasons (none came up, which's disconcerting in itself) i found this suspicious directory: $ ls -l /tmp/download total 44 drwxr-xr-x 4 root wheel 512 Oct 23 16:28 Archive_Tar-1.3.1 drwxr-xr-x 3 root whe