On 2 systems out of 3 file /usr/lib64/thunderbird/libxul.so from package mail-client/thunderbird-10.0.9 have permissions 0777.
It looks previous versions of mail-client/thunderbird are not affected.
Created attachment 328208 [details]
emerge --info : affected system #1
Created attachment 328210 [details]
emerge --info : affected system #2
Created attachment 328212 [details]
emerge --info : not affected system
Same problem with www-client/firefox-10.0.9:/usr/lib64/firefox/libxul.so
@mozilla, can you please look into this?
I can't reproduce it locally; libxul.so (and others) install with 0755
Is it possible that for some reason there's a non-standard umask on these affected systems? Or something special with the filesystem (either in /var/tmp/portage or in /usr/lib64/[whatever] )?
(In reply to comment #6)
> Is it possible that for some reason there's a non-standard umask on these
> affected systems? Or something special with the filesystem (either in
> /var/tmp/portage or in /usr/lib64/[whatever] )?
Umask on all systems is 0022
$PORTAGE_TMPDIR on all systems reside on btrfs sub-volume with same permissions
/usr/lib64/[whatever] have same permissions on all systems
Version 10.0.10 of thunderbird & firefox is also affected
Created attachment 330086 [details]
Test program in C: creates 1000000 empty files
On one of affected systems i used tmpfs for $PORTAGE_TMPDIR instead of btrfs.
Thunderbird compiled without problems.
So it looks problem is in btrfs.
I found one simple test case: when create large amount of empty files some files get world writable permissions.
To test this case I attached simple C program which create 1000000 empty files.
gcc -O2 mkfiles.c
find . -type f -perm -g+w | wc -l
Last command on non affected system should return 0.
What should I do next with this bug? Should I report this upstream?
(In reply to comment #9)
Posted this bug on Linux kernel bugzilla:
(In reply to comment #10)
> (In reply to comment #9)
> Posted this bug on Linux kernel bugzilla:
Thanks for reporting upstream. Since it is apparently not thunderbird related (just happens to be triggered by TB), un-CC'ing mozilla.
There are no longer any 2.x or <3.6.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.