Jim Meyering wrote: > FYI, I should be pushing these soon, and then making a snapshot > within a couple hours: > > [PATCH 1/2] build: distcheck: do not leave a $TMPDIR/coreutils directory > behind
aka, http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 Now that there's a public BZ mentioning the security impact, http://bugzilla.redhat.com/545439, I will note that the above change also fixes a security-related flaw. Any user running "make distcheck" with TMPDIR unset or set to a world-writable directory like /tmp, is vulnerable to arbitrary code execution. So either don't run "make distcheck", with coreutils-8.1 or earlier, or be sure that TMPDIR is not a world-writable directory. I'll add something like the above to NEWS.