Yet another package that leaves world-writable files on the system: * Messages for package dev-python/gmpy-2.0.5: * QA Security Notice: world writable file(s): * /usr/lib/python2.7/site-packages/gmpy2.so * /usr/lib/python3.4/site-packages/gmpy2.cpython-34.so * /usr/lib/python3.3/site-packages/gmpy2.cpython-33.so * This may or may not be a security problem, most of the time it is one. * Please double check that gmpy-2.0.5 really needs a world writeable bit and file bugs accordingly. * Reproducible: Always
I have #533898 reported here as well, but no feedback so far as it may result in my system's setup. Some system infos are attached to the other bug.
~/cvsPortage/gentoo-x86/dev-python/gmpy $ ebuild gmpy-2.0.5.ebuild clean install running install_egg_info Writing /mnt/gen2/TmpDir/portage/dev-python/gmpy-2.0.5/image//_python2.7/usr/lib64/python2.7/site-packages/gmpy2-2.0.5-py2.7.egg-info * python2_7: running distutils-r1_run_phase python_install_all >>> Completed installing gmpy-2.0.5 into /mnt/gen2/TmpDir/portage/dev-python/gmpy-2.0.5/image/ strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version usr/lib64/python3.3/site-packages/gmpy2.cpython-33.so usr/lib64/python3.4/site-packages/gmpy2.cpython-34.so usr/lib64/python2.7/site-packages/gmpy2.so ecompressdir: bzip2 -9 /usr/share/doc ~/cvsPortage/gentoo-x86/dev-python/gmpy $ grep "Security Notice" /mnt/gen2/TmpDir/portage/dev-python/gmpy-2.0.5/temp//build.log yields blank. All things are not equal
See bug 533898, ccache/portage bug. *** This bug has been marked as a duplicate of bug 533898 ***