On 11/20/2012 02:20 PM, Paul Eggert wrote:
> Thanks, I installed this patch into the coreutils master branch,
> and I'm marking the upstream coreutils bug as done.
> 
>>From 7ee71d9ddad1435bbea00779bcd4c62482ea3473 Mon Sep 17 00:00:00 2001
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Tue, 20 Nov 2012 13:15:34 -0800
> Subject: [PATCH] install: fix security race
> 
> * src/copy.c (copy_internal): Use DST_MODE_BITS, not SRC_MODE.
> See Bernhard R. Link in <http://bugs.gnu.org/12947> and in
> <http://bugs.debian.org/598018>.
> ---
>  src/copy.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)

This also needs a NEWS entry.  I'm not sure how easy or hard it would be
to write a test case, though.

-- 
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org