mkdir-p/perms in (gnu build activation) currently first creates the target directory with its permissions restricted solely by umask, then changes the permissions afterward. This leaves a window during which it is possible that read and/or execute bits for untrusted users may be set on the target directory. By changing it so that the directory, if it is created, is created with no more permissions than the caller specified, we can be confident that if the directory didn't already exist - for example because it was deliberately deleted in advance - it at no point was more accessible than intended. - reepca
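The window described above, shown as an added example that is not part of the original report or of Guix's code. It is written in Python rather than Guile, using `os.mkdir`, which wraps the same mkdir(2) call. The function names, the 0o700 request and the 0o022 umask are constructed for illustration.

```python
import os
import stat
import tempfile


def _mode(path):
    """Permission bits (rwx for user/group/other) of path, no symlink follow."""
    return stat.S_IMODE(os.lstat(path).st_mode) & 0o777


def create_then_chmod(path, perms):
    """Pattern described above: create limited only by umask, chmod later.

    Returns (mode visible inside the window, final mode).
    """
    os.mkdir(path)                 # mode = 0o777 & ~umask
    window = _mode(path)           # what other users can see at this point
    os.chmod(path, perms)
    return window, _mode(path)


def create_with_perms(path, perms):
    """Proposed pattern: pass perms to mkdir(2) so a newly created directory
    is never more accessible than requested, then chmod to set the exact
    bits (umask may have removed some of them)."""
    os.mkdir(path, perms)          # mode = perms & ~umask
    window = _mode(path)
    os.chmod(path, perms)
    return window, _mode(path)


def demo(perms=0o700, umask=0o022):
    """Run both patterns in a scratch directory under a constructed umask."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as base:
            return (create_then_chmod(os.path.join(base, "a"), perms),
                    create_with_perms(os.path.join(base, "b"), perms))
    finally:
        os.umask(old)


if __name__ == "__main__":
    names = ("create then chmod", "create with perms")
    for name, (window, final) in zip(names, demo()):
        print(f"{name}: window={window:o} final={final:o}")
```

Both patterns end at the requested mode. Only the first passes through a state with bits the caller did not ask for.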