Date: Fri, 29 Dec 2006 14:40:22 -0500 From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> To: =?ISO-8859-1?Q?Thomas_Nystr=F6m?= <thn@saeab.se>, stable@freebsd.org Subject: Re: system breach Message-ID: <DA58496F-4D15-4FEB-8FEF-D30C6C076F98@ece.cmu.edu> In-Reply-To: <45956418.8080805@saeab.se> References: <20061228231226.GA16587@lordcow.org> <b91012310612282010m22a6bbdbp97bf7bdecca1530@mail.gmail.com> <20061229155845.GA1266@lordcow.org> <45954196.9040909@saeab.se> <20061229173916.GA3196@lordcow.org> <20061229181606.GA83815@icarus.home.lan> <45956418.8080805@saeab.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 29, 2006, at 13:53 , Thomas Nystr=F6m wrote:
>> I'm wondering if maybe a PHP script is trying to do something with
>> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/=20
>> download")
>> before calling system("pkg_fetch ..."). Why a PHP script would do
>> this, I don't know, but it wouldn't surprise me.
>
> See my other mail about a suspicous port (pear-1.4.11)
PEAR would also make sense; it's a (apparently lamer, at least =20
security-wise; then again, it *is* PHP :> ) CPAN-alike for PHP.
--=20
brandon s. allbery [linux,solaris,freebsd,perl] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DA58496F-4D15-4FEB-8FEF-D30C6C076F98>