I don't know if this represents something harmless, or a little more important
(maybe even a possible security problem), so I left the priority and severity
at the default levels, but emerging sys-fs/e2fsprogs-1.39 (the current latest
stable version) creates and leaves a file called sed.script in /tmp (owned by
root:root). The contents of the file:
/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/
I don't know much about sed (and not much about problems that lead to security
issues), but I thought that creating files in /tmp with known names provided an
opportunity for mischief.
Thanks.
ugh, what an ugly little piece of code that generates this garbage
thanks for the bug report, should be fixed in cvs now
