Recently, I used a 3 or 4 month old Jabber-Server ebuild on a clients machine. I cant get the details of the ebuild (I rsync'ed after this problem) What happened was that the Ebuild tried to execute a 'cd /usr/jabber-?.?.?' followed by a 'chown -R jabber.jabber *' The cd failed due to an error with the make (no idea what caused the dir not to be there) but the chown continued. You can see my posting on this in http://forums.gentoo.org/viewtopic.php?t=38240 This, in my opinion, was a VERY poorly written ebuild. Error checking should allways be emplyoed before performing a high risk command such as chown -R - so I'd like to suggest that there is a process in place for reviewing ebuilds that looks for dangerous commands. I ran the following commands: grep -iR 'chown -R' * and grep -iR 'chmod -R' * Thankfully most ebuilds do specify targets on chown/chmod, however a further | grep \* revealed a few still using 'chown -R user.group *' and the chmod counterpart, and most of them are kernel ebuilds so it may make sense with those. Truly, it would be healthier, where possible, to chown/chmod only those files that require it. Reproducible: Didn't try Steps to Reproduce: 1. 2. 3.
This problem does not seem to exist as all chowns use directory names, not *. (It may have been valid before, but if so, it no longer is)
