From owner-freebsd-stable@FreeBSD.ORG  Fri Dec 29 19:40:25 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: stable@freebsd.org
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id E57B716A407
	for <stable@freebsd.org>; Fri, 29 Dec 2006 19:40:25 +0000 (UTC)
	(envelope-from allbery@ece.cmu.edu)
Received: from bache.ece.cmu.edu (BACHE.ECE.CMU.EDU [128.2.129.23])
	by mx1.freebsd.org (Postfix) with ESMTP id BED8913C461
	for <stable@freebsd.org>; Fri, 29 Dec 2006 19:40:25 +0000 (UTC)
	(envelope-from allbery@ece.cmu.edu)
Received: by bache.ece.cmu.edu (Postfix, from userid 953)
	id 35BA482; Fri, 29 Dec 2006 14:40:25 -0500 (EST)
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on filt1.ece.cmu.edu
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=6.0 tests=BAYES_50 autolearn=no 
	version=3.1.4
Received: from [10.9.204.128] (dsl093-061-215.pit1.dsl.speakeasy.net
	[66.93.61.215]) by bache.ece.cmu.edu (Postfix) with ESMTP id 6F8EC65;
	Fri, 29 Dec 2006 14:40:24 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <45956418.8080805@saeab.se>
References: <20061228231226.GA16587@lordcow.org>	<b91012310612282010m22a6bbdbp97bf7bdecca1530@mail.gmail.com>	<20061229155845.GA1266@lordcow.org>
	<45954196.9040909@saeab.se>	<20061229173916.GA3196@lordcow.org>
	<20061229181606.GA83815@icarus.home.lan>
	<45956418.8080805@saeab.se>
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
Message-Id: <DA58496F-4D15-4FEB-8FEF-D30C6C076F98@ece.cmu.edu>
Content-Transfer-Encoding: quoted-printable
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Date: Fri, 29 Dec 2006 14:40:22 -0500
To: =?ISO-8859-1?Q?Thomas_Nystr=F6m?= <thn@saeab.se>,
 stable@freebsd.org
X-Mailer: Apple Mail (2.752.2)
Cc: 
Subject: Re: system breach
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2006 19:40:26 -0000


On Dec 29, 2006, at 13:53 , Thomas Nystr=F6m wrote:

>> I'm wondering if maybe a PHP script is trying to do something with
>> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/=20
>> download")
>> before calling system("pkg_fetch ...").  Why a PHP script would do
>> this, I don't know, but it wouldn't surprise me.
>
> See my other mail about a suspicous port (pear-1.4.11)

PEAR would also make sense; it's a (apparently lamer, at least =20
security-wise; then again, it *is* PHP :> ) CPAN-alike for PHP.

--=20
brandon s. allbery    [linux,solaris,freebsd,perl]     allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH