Re: system breach

2006-12-29 Thread Matthew Seaman
gareth wrote: Oct 23 00:31:42 lordcow kernel: pid 48464 (conftest), uid 0: exited on signal 12 (core dumped) Oct 23 01:19:26 lordcow kernel: pid 17512 (conftest), uid 0: exited on signal 12 (core dumped) These are from autoconf testing various capabilities of the system to do with signal

Re: system breach

2006-12-29 Thread David Todd
something's up, nothing in ports will write to a /tmp/download directory, so either you or someone with root access did it. I suggest: checking /var/log/auth.log for attempted breachings; run sockstat and look for processes with ports open that shouldn't have ports open. conftest cores usually
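The sockstat check David suggests, written out as a repeatable script. This is an added example, not code from the thread: it compares the host's listening sockets against a baseline of what is supposed to be listening and prints whatever is left over. The BASELINE triples and the SAMPLE sockstat output are constructed for illustration (the sample only mimics sockstat's column layout); on a real FreeBSD host you would pipe `sockstat -4 -6 -l` into the function instead.

```shell
#!/bin/sh
# Added example (not from the thread): flag listening sockets that are not in
# a baseline of expected user/command/port triples.
# Live use on FreeBSD:  sockstat -4 -6 -l | check_listeners
# SAMPLE below is constructed data in sockstat's column layout
# (USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS), not a capture.

# Assumed baseline for the host being checked: one "user command port" per line.
BASELINE='root sshd 22
www httpd 80
root sendmail 25'

# check_listeners: sockstat output on stdin; prints one "UNEXPECTED ..." line
# per listener missing from BASELINE and exits 1 if there was any.
check_listeners() {
    awk -v base="$BASELINE" '
    BEGIN {
        n = split(base, lines, "\n")
        for (i = 1; i <= n; i++) if (lines[i] != "") ok[lines[i]] = 1
        bad = 0
    }
    NF == 0 || $1 == "USER" { next }          # blank line or column header
    {
        port = $6; sub(/.*:/, "", port)       # "*:22" or "127.0.0.1:25" -> "22" / "25"
        key = $1 " " $2 " " port
        if (!(key in ok)) {
            printf "UNEXPECTED %s pid=%s proto=%s local=%s\n", key, $3, $5, $6
            bad = 1
        }
    }
    END { exit bad }'
}

# Constructed sample output (not from any real host).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       512   4  tcp4   *:22                  *:*
www      httpd      1034  3  tcp4   *:80                  *:*
root     sendmail   602   3  tcp4   127.0.0.1:25          *:*
www      perl       1401  5  tcp4   *:6667                *:*'

# Stand-alone run over the sample: the perl process on 6667 is reported.
printf '%s\n' "$SAMPLE" | check_listeners || echo "review the UNEXPECTED lines above"
```

Keying on user, command name and port (rather than port alone) is what makes this useful after a web-app compromise: a process running as www that listens on an unusual port stands out even if the port number itself looks harmless.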

Re: system breach

2006-12-29 Thread gareth
On Thu 2006-12-28 (22:10), David Todd wrote: something's up, nothing in ports will write to a /tmp/download directory, so either you or someone with root access did it. thought as much :/ I suggest: checking /var/log/auth.log for attempted breachings i had a rough skim and nothing

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (11:07), Matthew Seaman wrote: Oct 23 00:31:42 lordcow kernel: pid 48464 (conftest), uid 0: exited on signal 12 (core dumped) Oct 23 01:19:26 lordcow kernel: pid 17512 (conftest), uid 0: exited on signal 12 (core dumped) These are from autoconf testing various

Re: system breach

2006-12-29 Thread Thomas Nyström
a system breach (through some php-based web application). I could then find a directory in /tmp owned by www that contains a complete distribution with configure script and the result of the build. This /tmp/download doesn't look like that at all. /thn

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (17:25), Thomas Nyström wrote: I just checked one of my servers and also found a /tmp/download directory with the same files that you had. I then compared the timestamp of /tmp/download with the timestamp of the directories in /var/db/pkg: Same. My conclusion is that

Re: system breach

2006-12-29 Thread Jeremy Chadwick
On Fri, Dec 29, 2006 at 07:39:16PM +0200, gareth wrote: oh. ok. well even though that's weird behaviour from a package it's more plausible since i haven't found anything else suspicious. are the timestamps exactly the same? i have 4 packages that're 20 minutes different. which of yours are the
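The comparison Thomas and gareth are doing by hand, as an added example that is not part of the thread: for every directory under the suspect temp location, list the package-database entries whose modification time falls within a tolerance window, and report any directory that matches nothing. The directory tree it builds is constructed sample data (the "pear-" package names and the Oct 23 timestamps are illustrative) so it runs offline; on a real FreeBSD 6.x host you would call `correlate /tmp/download /var/db/pkg 1200` against the live paths.

```shell
#!/bin/sh
# Added example (not from the thread): correlate the mtime of each directory
# under a suspect temp location with package-database entries installed
# within a tolerance window. Sample tree below is constructed; on a real host:
#   correlate /tmp/download /var/db/pkg 1200
# (assumed paths; the "pear-" package-name prefix is illustrative).

# mtime FILE -> epoch seconds. Tries GNU stat first, then BSD stat.
mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# correlate TMPDIR PKGDB TOLERANCE_SECONDS
# Prints "dir<TAB>pkg<TAB>delta" for every package entry within tolerance,
# "dir<TAB>NO-MATCH" when there is none. Returns 1 if any dir is unexplained.
correlate() {
    tmp=$1; db=$2; tol=$3; rc=0
    for d in "$tmp"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        t=$(mtime "$d"); found=0
        for p in "$db"/*/; do
            p=${p%/}
            [ -d "$p" ] || continue
            delta=$(( t - $(mtime "$p") ))
            [ "$delta" -lt 0 ] && delta=$(( -delta ))
            if [ "$delta" -le "$tol" ]; then
                printf '%s\t%s\t%ss\n' "${d##*/}" "${p##*/}" "$delta"
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\tNO-MATCH\n' "${d##*/}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: one temp dir matches a package entry exactly, one is
# 20 minutes off (the case gareth asks about), one matches nothing.
SANDBOX=$(mktemp -d)
TMPDL=$SANDBOX/tmp/download
PKGDB=$SANDBOX/var/db/pkg
mkdir -p "$TMPDL/Archive_Tar-1.3.1" "$TMPDL/Example_Pkg-2.0" "$TMPDL/oddball" \
         "$PKGDB/pear-Archive_Tar-1.3.1" "$PKGDB/pear-Example_Pkg-2.0" "$PKGDB/php5-5.1.6"
touch -t 200610231628.00 "$TMPDL/Archive_Tar-1.3.1" "$PKGDB/pear-Archive_Tar-1.3.1"
touch -t 200610231648.00 "$TMPDL/Example_Pkg-2.0"
touch -t 200610231628.00 "$PKGDB/pear-Example_Pkg-2.0"
touch -t 200610231629.00 "$PKGDB/php5-5.1.6"
touch -t 200607011200.00 "$TMPDL/oddball"

# Stand-alone run with a 20-minute window: "oddball" is the only NO-MATCH.
correlate "$TMPDL" "$PKGDB" 1200 || echo "unexplained directories remain"
```

A directory with no package entry anywhere near its mtime is the one worth looking at; a 20-minute gap, as in gareth's case, is well within what a `make install` of a dependency chain takes, so the window should be generous before anything is declared unexplained.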

Re: system breach

2006-12-29 Thread Thomas Nyström
gareth wrote: On Fri 2006-12-29 (17:25), Thomas Nyström wrote: I just checked one of my servers and also found a /tmp/download directory with the same files that you had. I then compared the timestamp of /tmp/download with the timestamp of the directories in /var/db/pkg: Same. My conclusion

Re: system breach

2006-12-29 Thread Thomas Nyström
Jeremy Chadwick wrote: I've been following this thread and trying to track down what's been reported (by two people at this point); that is, temporary ports stuff getting stored in /tmp/download. A `grep -r '/download$' /usr/ports` returns some results, but not very many. Ones which could

Re: system breach

2006-12-29 Thread Brandon S. Allbery KF8NH
On Dec 29, 2006, at 13:48, Thomas Nyström wrote: ture(root)# dir total 50 drwxrwxr-x 5 root wheel 512 29 Aug 16:29 ./ drwxrwxrwt 11 root wheel 3072 29 Dec 19:35 ../ drwxrwxr-x 4 root wheel 512 29 Aug 16:29 Archive_Tar-1.3.1/ drwxrwxr-x 3 root wheel 512 29 Aug 16:29

Re: system breach

2006-12-29 Thread Brandon S. Allbery KF8NH
On Dec 29, 2006, at 13:53, Thomas Nyström wrote: I'm wondering if maybe a PHP script is trying to do something with pkg_fetch, and does something like setenv(PKG_TMPDIR, /tmp/download) before calling system(pkg_fetch ...). Why a PHP script would do this, I don't know, but it wouldn't

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (19:48), Thomas Nyström wrote: It looks like this: ture(root)# dir total 50 drwxrwxr-x 5 root wheel 512 29 Aug 16:29 ./ drwxrwxrwt 11 root wheel 3072 29 Dec 19:35 ../ drwxrwxr-x 4 root wheel 512 29 Aug 16:29 Archive_Tar-1.3.1/ drwxrwxr-x 3 root wheel

Re: system breach

2006-12-29 Thread gareth
On Fri 2006-12-29 (10:16), Jeremy Chadwick wrote: Apparently pkg_fetch will use either $PKG_TMPDIR or $TMPDIR as a temporary storage location for where things are stored. Taken from the manpage in pkgtools-2.2.2/man/pkg_fetch.1: PKG_TMPDIR TMPDIR (In that order) Temporary

Re: system breach

2006-12-29 Thread jonathan michaels
gareth On Fri, Dec 29, 2006 at 10:54:36PM +0200, gareth wrote: On Fri 2006-12-29 (10:16), Jeremy Chadwick wrote: with regards to your last post to me (personal) i had installed freebsd v6.1-release and setup xwindows (both kde and gnome) desktop environments, then left the machine sit and settle.

Re: system breach

2006-12-29 Thread Patrick Okui
On Friday 29 December 2006 21:50, Brandon S. Allbery KF8NH wrote: That looks like CPAN to me. pear is actually like CPAN - but for PHP. I didn't have the said download directory on my FreeBSD 6.1-STABLE machine, but going to /usr/ports/devel/pear and doing make all install clean sure does

system breach

2006-12-28 Thread gareth
hey guys, my server rebooted a few days ago, and while i was looking around for possible reasons (none came up, which is disconcerting in itself) i found this suspicious directory: $ ls -l /tmp/download total 44 drwxr-xr-x 4 root wheel 512 Oct 23 16:28 Archive_Tar-1.3.1 drwxr-xr-x 3 root