system breach
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Fri Dec 29 11:40:26 PST 2006
On Dec 29, 2006, at 13:53 , Thomas Nyström wrote:
>> I'm wondering if maybe a PHP script is trying to do something with
>> pkg_fetch, and does something like setenv("PKG_TMPDIR", "/tmp/
>> download")
>> before calling system("pkg_fetch ..."). Why a PHP script would do
>> this, I don't know, but it wouldn't surprise me.
>
> See my other mail about a suspicous port (pear-1.4.11)
PEAR would also make sense; it's a (apparently lamer, at least
security-wise; then again, it *is* PHP :> ) CPAN-alike for PHP.
--
brandon s. allbery [linux,solaris,freebsd,perl] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
More information about the freebsd-stable
mailing list