On 2 systems out of 3, the file /usr/lib64/thunderbird/libxul.so from package mail-client/thunderbird-10.0.9 has permissions 0777. It looks like previous versions of mail-client/thunderbird are not affected.
Created attachment 328208: emerge --info : affected system #1
Created attachment 328210: emerge --info : affected system #2
Created attachment 328212: emerge --info : not affected system
Same problem with www-client/firefox-10.0.9:/usr/lib64/firefox/libxul.so
@mozilla, can you please look into this?
I can't reproduce it locally; libxul.so (and others) install with 0755. Is it possible that for some reason there's a non-standard umask on these affected systems? Or something special with the filesystem (either in /var/tmp/portage or in /usr/lib64/[whatever])?
(In reply to comment #6)
> Is it possible that for some reason there's a non-standard umask on these
> affected systems? Or something special with the filesystem (either in
> /var/tmp/portage or in /usr/lib64/[whatever] )?

Umask on all systems is 0022
$PORTAGE_TMPDIR on all systems resides on a btrfs sub-volume with the same permissions
/usr/lib64/[whatever] has the same permissions on all systems
Version 10.0.10 of thunderbird & firefox is also affected
Created attachment 330086: Test program in C: creates 1000000 empty files

On one of the affected systems I used tmpfs for $PORTAGE_TMPDIR instead of btrfs. Thunderbird compiled without problems. So it looks like the problem is in btrfs. I found one simple test case: when creating a large number of empty files, some files get world-writable permissions. To test this case I attached a simple C program which creates 1000000 empty files.

Short instructions:
gcc -O2 mkfiles.c
umask 0022
./a.out
find . -type f -perm -g+w | wc -l

The last command on a non-affected system should return 0.

Affected kernels:
3.4.2-hardened
3.5.4-hardened-r1
3.6.6-gentoo

What should I do next with this bug? Should I report this upstream?
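Added example, not part of the original comment and not the attached mkfiles.c: a self-checking variant of the procedure described above, which creates the files and then reports any that kept a group- or world-write bit under umask 0022. The function name count_bad_modes, the file naming scheme and the 0022 mask check are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (not the attached mkfiles.c). Pass 1 creates `count` empty
 * files in `dir` with requested mode 0666 under umask 0022. Pass 2 stats
 * each one and counts those that kept a group- or world-write bit.
 * Clean files are removed; offending files are left for inspection.
 * Returns the number of offending files, or -1 on an I/O error. */
long count_bad_modes(const char *dir, long count)
{
    char path[4096];
    struct stat st;
    long bad = 0;
    mode_t old = umask(0022);

    for (long i = 0; i < count; i++) {
        snprintf(path, sizeof path, "%s/f%07ld", dir, i);
        int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
        if (fd < 0) { umask(old); return -1; }
        close(fd);
    }
    umask(old);
    for (long i = 0; i < count; i++) {
        snprintf(path, sizeof path, "%s/f%07ld", dir, i);
        if (stat(path, &st) != 0) return -1;
        if (st.st_mode & 0022) {   /* bits the umask should have cleared */
            printf("%s: mode %04o\n", path, (unsigned)(st.st_mode & 07777));
            bad++;
        } else {
            unlink(path);
        }
    }
    return bad;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    long n = argc > 2 ? atol(argv[2]) : 1000000;  /* count from the comment */
    long bad = count_bad_modes(dir, n);
    if (bad < 0) { perror("count_bad_modes"); return 2; }
    printf("%ld of %ld files kept a write bit the umask should clear\n", bad, n);
    return bad ? 1 : 0;
}
```

Run it with an empty directory on the filesystem under test as the first argument; the exit status is 0 when every file came out without group or world write permission.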
(In reply to comment #9) Posted this bug on Linux kernel bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=50861
(In reply to comment #10)
> (In reply to comment #9)
>
> Posted this bug on Linux kernel bugzilla:
> https://bugzilla.kernel.org/show_bug.cgi?id=50861

Thanks for reporting upstream. Since it is apparently not thunderbird related (just happens to be triggered by TB), un-CC'ing mozilla.
There are no longer any 2.x or <3.6.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.