Date: Wed, 1 May 2002 00:55:56 -0700 From: Bill Fumerola <billf@mu.org> To: Peter McGarvey <pmcgarvey@vianetworks.co.uk> Cc: freebsd-security@freebsd.org Subject: Re: newbie. possibly got hacked. need help. Message-ID: <20020501075556.GG688@elvis.mu.org> In-Reply-To: <E172oa7-000AaY-00@pooh.noc.u-net.net> References: <F26PHDXE2sCRBHZXFZ00000c2f7@hotmail.com> <20020430232953.A72277@mail.texas-shooters.com> <20020501044517.GF688@elvis.mu.org> <E172oa7-000AaY-00@pooh.noc.u-net.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 01, 2002 at 08:31:18AM +0100, Peter McGarvey wrote: > Hmm, installing a port whem /var is full does not strike me as a good idea. oh for christs sake, my suggestion wasn't meant to be a step-by-step on how to fix a system, i was pointing out the utility that could be used to figure out whats going on. so install the package and ignore the registration complaints. so compile and run it by hand in your home directory. so compile it on another system and copy it over. so just use fstat and get less sexy output. so be a sysadmin and apply an iota of thought to the problem. > I've seen a similar thing twice, turns out qmail goes haywire if you've > got softupdates turned on. The only way to fix it is to reboot into > single-user mode and fsck the disk. Remembering to turn softupdates off > when it's finished. no, not really. filling up a disk with softupdates used to cause problems, it no longer does. it is possible to unmount a fs and run tunefs without rebooting your system (or dropping to single-user mode). there is (was?) nothing qmail specific about this problem. > Another fun way to fill a volume is to delete a log file. Syslog will > happily backfill your volume without complaint until you HUP or restart it. your "problem" is with unix semantics, not syslog. this is the exact "problem" the original poster was having (running processes holding open a file handle on a large, deleted file), but thanks for repeating it. please kill this thread, it is all -questions fodder. -- - bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020501075556.GG688>