Bug 40369

As a user which tries to keep a keen security combined with an updated system I have as a part of the security removed suided binaries which I don't find the use for in my system to decrease the risk of local exploitation of binaries by users. 

I have also made a script to auto emerge sync and emerge -U world every night at 4am to always get the latest versions of packages installed. 

When portage updates a package it compiles it in a sandbox environment, overwrite exising files and remove "left over" files from the older package version. This works good except for suid bits which I have removed of binaries, that are reset to package defaults. 

I talked about it in #gentoo-portage and recived positive response which encouraged me to post it here. One comment I got was "[14:55:12] <jstubbs> hardened folk would probably be agreeable to the idea, too."



Reproducible: Always
Steps to Reproduce:
1. Emerge package
2. Remove suid bit
3. Reemerge package

Actual Results:  
Suid bit is reset to binaries after manually removing them.

Expected Results:  
Keep the existing suid bit status on files it upgrade, or atleast have the 
option for enabling this check (as it might slow the emerge down with a few 
seconds)

I didn't really know if I should post it as a "Normal" bug or a "Major". Depends 
on how you look at suid bits as a security of your system, but here it goes as 
normal, as that is what I classify it as.