Date: Fri, 29 Dec 2006 17:25:58 +0100
From: Thomas Nyström <thn@saeab.se>
To: gareth <bsd@lordcow.org>
Cc: stable@freebsd.org
Subject: Re: system breach
Message-ID: <45954196.9040909@saeab.se>
In-Reply-To: <20061229155845.GA1266@lordcow.org>
References: <20061228231226.GA16587@lordcow.org> <b91012310612282010m22a6bbdbp97bf7bdecca1530@mail.gmail.com> <20061229155845.GA1266@lordcow.org>

gareth wrote:
> On Thu 2006-12-28 (22:10), David Todd wrote:
>
>>something's up, nothing in ports will write to a /tmp/download
>>directory, so either you or someone with root access did it.

I just checked one of my servers and also found a /tmp/download
directory with the same files that you had.

I then compared the timestamp of /tmp/download with the timestamp
of the directories in /var/db/pkg: Same.

My conclusion is that during a portupgrade these files were
written there, directly or indirectly by portupgrade or the port
itself.

About two years ago I cleaned up a system that really had a system
breach (through some php-based web application). I could then find
a directory in /tmp owned by www that contained a complete distribution
with configure script and the result of the build. This /tmp/download
doesn't look like that at all.

/thn

-- 
---------------------------------------------------------------
Svensk Aktuell Elektronik AB              Thomas Nyström
Box 10                                    Phone: +46 8 35 92 85
S-191 21 Sollentuna                       Fax:   +46 8 35 92 86
Sweden                                    Email: thn@saeab.se
---------------------------------------------------------------
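
The timestamp comparison described in the message above, as an added example that is not part of the original e-mail: it lists the entries under /var/db/pkg whose modification time falls within a window of the suspect directory's. The function names and the 300-second default window are assumptions of this example.

```shell
#!/bin/sh
# Added example: correlate a suspect directory's mtime with the package
# database. mtime_of, pkgs_near_mtime and the 300 s window are hypothetical
# names and values chosen for this illustration.

# Print a path's mtime as epoch seconds (GNU stat first, then BSD stat).
mtime_of() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# usage: pkgs_near_mtime SUSPECT_DIR [PKG_DB_DIR] [WINDOW_SECONDS]
# Prints "delta_seconds<TAB>entry" for every package entry inside the window.
# Returns 0 if at least one entry matched, 1 if none did, 2 on a bad argument.
pkgs_near_mtime() {
    suspect=$1
    pkgdb=${2:-/var/db/pkg}
    window=${3:-300}
    [ -d "$suspect" ] || { echo "no such directory: $suspect" >&2; return 2; }
    ref=$(mtime_of "$suspect") || return 2
    found=1
    for entry in "$pkgdb"/*/; do
        [ -d "$entry" ] || continue          # unmatched glob or stray file
        t=$(mtime_of "$entry") || continue
        delta=$((t - ref))                   # negative: package is older
        abs=${delta#-}
        if [ "$abs" -le "$window" ]; then
            printf '%s\t%s\n' "$delta" "$(basename "$entry")"
            found=0
        fi
    done
    return $found
}

# Typical call on the host being examined:
#   pkgs_near_mtime /tmp/download /var/db/pkg 300
```

A match is supporting evidence only, since the owner of a directory can set its mtime to any value; compare ownership and contents as well.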