Re: system breach

On Fri 2006-12-29 (19:48), Thomas Nystr?m wrote:
It looks like this:

ture(root)# dir
total 50
drwxrwxr-x 5 root wheel 512 29 Aug 16:29 ./
drwxrwxrwt 11 root wheel 3072 29 Dec 19:35 ../
drwxrwxr-x 4 root wheel 512 29 Aug 16:29 Archive_Tar-1.3.1/
drwxrwxr-x 3 root wheel 512 29 Aug 16:29 Console_Getopt-1.2/
drwxrwxr-x 3 root wheel 512 29 Aug 16:29 XML_RPC-1.5.0/
-rw-rw-r-- 1 root wheel 15433 12 Jul 02:09 package.xml
-rw-rw-r-- 1 root wheel 22193 12 Jul 02:09 package2.xml

snap ;) package*.xml are also "12 Jul 02:09"

Exactly which port that did this is hard to tell. I have around
130 ports installed and most of them were updated 29:th Aug.
I have looked at the files that exists in these directories
and according to the +CONTENTS files in /var/db/pkg all is claimed
to belong to pear-1.4.11 so that might be a candidate.....

ah yes, well played, md5's match too.
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"