I don't know if this represents something harmless, or a little more important (maybe even a possible security problem), so I left the priority and severity at the default levels, but emerging sys-fs/e2fsprogs-1.39 (the current latest stable version) creates and leaves a file called sed.script in /tmp (owned by root:root). The contents of the file: /^#/d /^$/d s/__extension__ // s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/ s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/ I don't know much about sed (and not much about problems that lead to security issues), but I thought that creating files in /tmp with known names provided an opportunity for mischief. Thanks.
ugh, what an ugly little piece of code that generates this garbage thanks for the bug report, should be fixed in cvs now