In particular cases, tcp-wrappers 7.6 will fail to build when coreutils has the xattr USE flag enabled. The tcp-wrappers Makefile calls mv and rm, and a segmentation fault will abort the ebuild. The test was made in a chroot environment on a filesystem mounted with the user_xattr option:

/dev/mapper/vg-media on /var/spool/media type ext4 (rw,noatime,acl,user_xattr,data=writeback)

coreutils is part of the core system and this bug could be exploited.

Reproducible: Always

Steps to Reproduce:
1. USE=xattr emerge coreutils
2. emerge tcp-wrappers
3. To illustrate the xattr problem in config-check in the tcp-wrappers Makefile:

tcp_wrappers_7.6 # strace mv /tmp/cflags.9011 cflags
execve("/bin/mv", ["mv", "/tmp/cflags.9011", "cflags"], [/* 90 vars */]) = 0 brk(0) = 0x11c3000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b3d000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=25062, ...}) = 0 mmap(NULL, 25062, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8917b36000 close(3) = 0 open("/lib/librt.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\"\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=35656, ...}) = 0 mmap(NULL, 2133008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8917716000 mprotect(0x7f891771e000, 2093056, PROT_NONE) = 0 mmap(0x7f891791d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f891791d000 close(3) = 0 open("/lib/libacl.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\"\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=35312, ...}) = 0 mmap(NULL, 2130544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f891750d000 mprotect(0x7f8917515000, 2093056, PROT_NONE) = 0 mmap(0x7f8917714000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f8917714000 close(3) = 0 
open("/lib/libattr.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\25\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=18680, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b35000 mmap(NULL, 2113880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8917308000 mprotect(0x7f891730c000, 2093056, PROT_NONE) = 0 mmap(0x7f891750b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f891750b000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1477808, ...}) = 0 mmap(NULL, 3587016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8916f9c000 mprotect(0x7f89170fe000, 2097152, PROT_NONE) = 0 mmap(0x7f89172fe000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x162000) = 0x7f89172fe000 mmap(0x7f8917303000, 19400, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8917303000 close(3) = 0 open("/lib/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\\\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135565, ...}) = 0 mmap(NULL, 2212768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8916d7f000 mprotect(0x7f8916d97000, 2093056, PROT_NONE) = 0 mmap(0x7f8916f96000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f8916f96000 mmap(0x7f8916f98000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8916f98000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b34000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b33000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b32000 arch_prctl(ARCH_SET_FS, 0x7f8917b33700) = 0 
mprotect(0x7f8916f96000, 4096, PROT_READ) = 0 mprotect(0x7f89172fe000, 16384, PROT_READ) = 0 mprotect(0x7f891750b000, 4096, PROT_READ) = 0 mprotect(0x7f8917714000, 4096, PROT_READ) = 0 mprotect(0x7f891791d000, 4096, PROT_READ) = 0 mprotect(0x619000, 4096, PROT_READ) = 0 mprotect(0x7f8917b3e000, 4096, PROT_READ) = 0 munmap(0x7f8917b36000, 25062) = 0 set_tid_address(0x7f8917b339d0) = 28631 set_robust_list(0x7f8917b339e0, 0x18) = 0 futex(0x7fff3eed984c, FUTEX_WAKE_PRIVATE, 1) = 0 futex(0x7fff3eed984c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f8917b33700) = -1 EAGAIN (Resource temporarily unavailable) rt_sigaction(SIGRTMIN, {0x7f8916d84770, [], SA_RESTORER|SA_SIGINFO, 0x7f8916d8e490}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x7f8916d84800, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f8916d8e490}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 brk(0) = 0x11c3000 brk(0x11e4000) = 0x11e4000 open("/usr/lib64/locale/locale-archive", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/locale.alias", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8917b3c000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2570 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f8917b3c000, 4096) = 0 open("/usr/lib64/locale/fr_FR.UTF-8/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/locale/fr_FR.utf8/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/locale/fr_FR/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/locale/fr.UTF-8/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/locale/fr.utf8/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/locale/fr/LC_IDENTIFICATION", O_RDONLY) = -1 
ENOENT (No such file or directory) geteuid() = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 stat("cflags", {st_mode=S_IFREG|0600, st_size=325, ...}) = 0 lstat("/tmp/cflags.9011", {st_mode=S_IFREG|0644, st_size=325, ...}) = 0 lstat("cflags", {st_mode=S_IFREG|0600, st_size=325, ...}) = 0 geteuid() = 0 rename("/tmp/cflags.9011", "cflags") = -1 EXDEV (Invalid cross-device link) unlink("cflags") = 0 open("/tmp/cflags.9011", O_RDONLY|O_NOFOLLOW) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=325, ...}) = 0 open("cflags", O_WRONLY|O_CREAT|O_EXCL, 0600) = 4 fstat(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 read(3, "-march=barcelona -O2 -pipe -DFAC"..., 32768) = 325 write(4, "-march=barcelona -O2 -pipe -DFAC"..., 325) = 325 read(3, "", 32768) = 0 utimensat(4, NULL, {{1288221706, 272350256}, {1288221706, 272350256}}, 0) = 0 fchown(4, 250, 250) = 0 flistxattr(3, (nil), 0) = 4294967274 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV (core dumped) +++ Segmentation fault (core dumped)
[Note: the value returned by flistxattr, 4294967274, equals 2^32 - 22, i.e. -22 (-EINVAL on Linux) read as an unsigned 32-bit number. This suggests the call failed and the error code reached mv as a large positive size rather than as a negative value, after which mv crashed; the trace itself shows only the crash.]
Created attachment 252371 [details] emerge info
*** This bug has been marked as a duplicate of bug 217290 ***