Bug 15673 - insecure file in /tmp: root's environment is world readable
Summary: insecure file in /tmp: root's environment is world readable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High major
Assignee: Nicholas Jones (RETIRED)
Reported: 2003-02-14 01:04 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2003-02-25 02:15 UTC
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-02-14 01:04:41 UTC
i emerged m4-1.4p-r1. after the emerge finished, cat /tmp/env as any user. this
file is the output of 'env' as run by root. this file was created world-readable.

although i'm on ppc, a user on x86 had the same issue.

this file really should not be created. if it has to be there, it should not be
world readable and it should be removed after the ebuild is finished.

(why is it being created?)
Comment 1 Nicholas Jones (RETIRED) gentoo-dev 2003-02-16 22:11:34 UTC
I have no idea. I had that file too. Not sure from when though.

Can you reproduce this? I cannot find a source for it.
Comment 2 Nicholas Jones (RETIRED) gentoo-dev 2003-02-22 08:24:30 UTC
Verify and reopen.
Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-02-23 01:38:26 UTC
tried it again. same thing. i did 'watch -n 1 ls -l /tmp' and then 'emerge unmerge m4; emerge m4'. sure enough, the file appeared, just as the configure finished and the make started.

this is with sys-devel/m4-1.4p-r1.
Comment 4 Graham Forest 2003-02-23 05:36:05 UTC
I have the same file (from the m4 build, as the variables inside it note)... Very odd
Comment 5 Graham Forest 2003-02-24 03:14:52 UTC
tests/mkconfig.sh in the m4 source dir is a rather interesting file:

#!/bin/sh
env >/tmp/env
sed -n -e '/^#define \(\(WITH\|ENABLE\)_.*\) \(.*\)$/s//define(\1, \3)dnl/p' config.h > tests/config.m4
sed -n -e '/^#define \(\(WITH\|ENABLE\)_.*\) \(.*\)$/s//\1=\3/p' config.h > tests/config.sh
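
Added example (not part of the original bug thread, and not code from m4 or Portage): a shell audit a packager could run over an unpacked source tree to flag scripts that redirect output to a fixed path under /tmp, as tests/mkconfig.sh does, plus a check for whether a file is world-readable. The function names and the sample tree are constructed for illustration; the grep pattern is a heuristic, not a complete parser for shell redirections.

```shell
#!/bin/sh
# Added example: audit helpers for fixed /tmp writes in build scripts.

# Print "file:line:text" for every redirection (> or >>) whose target is a
# fixed name directly under /tmp. Targets built from variables or mktemp
# output (e.g. >"$tmpfile") are not matched.
find_fixed_tmp_writes() {
    grep -rnIE '>>?[[:space:]]*/tmp/[A-Za-z0-9._-]+' "$1" 2>/dev/null
}

# Return 0 if the "other" read bit is set on the file, 1 otherwise.
# Character 8 of the ls -l mode string is the other-read flag.
is_world_readable() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        ???????r*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: a private scratch tree holding a copy of the
# tests/mkconfig.sh quoted in the comment above. Prints the tree's path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/tests"
    cat > "$dir/tests/mkconfig.sh" <<'EOF'
#!/bin/sh
env >/tmp/env
sed -n -e '/^#define \(\(WITH\|ENABLE\)_.*\) \(.*\)$/s//define(\1, \3)dnl/p' config.h > tests/config.m4
sed -n -e '/^#define \(\(WITH\|ENABLE\)_.*\) \(.*\)$/s//\1=\3/p' config.h > tests/config.sh
EOF
    printf '%s\n' "$dir"
}

# Demo: only the env dump is reported; the two sed lines write to relative
# paths inside the build directory and are not flagged.
sample=$(make_sample_tree) && find_fixed_tmp_writes "$sample"
[ -n "$sample" ] && rm -rf "$sample"
```

A file created under `umask 077` fails the `is_world_readable` check, which is the minimum the report asks for if such a dump has to exist at all.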
Comment 6 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-02-24 03:38:05 UTC
notified upstream ...

------- Forwarded Message

Date: Mon, 24 Feb 2003 03:37:02 -0500
To: bug-m4@gnu.org
From: Rajiv Aaron Manglani <rajiv@gentoo.org>
Subject: insecure file in /tmp after m4 build


hello there. while building m4 on gentoo, we discovered that one of the configure tests (tests/mkconfig.sh) creates /tmp/env, which is a dump of the environment of the user doing the build.

was this used for testing and left in by accident?

see http://bugs.gentoo.org/show_bug.cgi?id=15673 for more info.

please let me know the purpose of this file.

thanks

------- End of Forwarded Message
Comment 7 Nicholas Jones (RETIRED) gentoo-dev 2003-02-24 05:25:51 UTC
Ok. Fixed in the ebuilds.
Comment 8 Nicholas Jones (RETIRED) gentoo-dev 2003-02-25 02:15:15 UTC
I think it's dealt with.