Bengt, Ricardo, I see similar results here with ‘guix install moka-icon-theme’, and I'm sure the rest of my (and everyone's) store is full of misperm'd files too. It's kind of generally known. This seems to be particularly common in Meson packages: for some reason, Meson installs everything as executable by default. Bengt Richter 写道: > Is this zero-day stuff with a nasty somewhere, waiting for > referencing > by another nasty, or am I being paranoid? What's the threat model there? Respectfully, I think you might be, but maybe I'm naive… Otherwise I consider this a merely cosmetic issue, but we still welcome fixes for those! Checking whether Meson behaves differently on other distributions would be a good start. Ricardo Wurmus 写道: > Bengt Richter writes: > >> $ find /gnu -type f -perm /111 -iname '*png'|xargs stat -c '%a >> %A %N'|cut -d '-' -f5,6,7,8|less|uniq -c|less >> --8<---------------cut >> here---------------start------------->8--- >> 1 x >> '/gnu/store/.links/1s94fymqj8xba55rg8xbdni9a215kxsxkddyh2qyb7y6fl7srpng' >> 1 x >> '/gnu/store/.links/05dsk06ffdwgjdqgsy03zhnsrcd44yyi8ylk9qyb1a3n89aplpng' >> 97 x >> '/gnu/store/jf7i57glqykwgm1k7zb5k8x6f1yd47l8-faba-icon-theme >> 1 x >> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdparttopng' >> 1 x >> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gdtopng' >> 1 x >> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/webpng' >> 1 x >> '/gnu/store/k83hj06qj142xv6rqpfh3mcdf3149q09-gd-2.2.5/bin/gd2topng' >> 1 x >> '/gnu/store/x9c77i6r5fmarslij6ng81awgrxblplm-texlive-bin-20180414/bin/dvipng' >> 34143 x >> '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme >> 1 x >> '/gnu/store/7mxkdn6cp7x8sac49p2g80qw5j1aavi3-texlive-20180414/bin/dvipng' >> 62 x >> '/gnu/store/6d79d8za76pj5f2flhckpmdvdgqhqxaa-docbook-xsl-1.79.1/xml/xsl/docbook >> 1 x >> '/gnu/store/azd3rg350gjkgzvzps3s4j3kpz5kxh57-texlive-bin-20180414/bin/dvipng' >> 1 x >> '/gnu/store/9w1hi2hr4zczc5jd5r2xmff9zf4gwc1n-texlive-union-49435/bin/dvipng' >> 1 x >> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdparttopng' >> 1 x >> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gdtopng' >> 1 x >> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/webpng' >> 1 x >> '/gnu/store/5hv33gy8w247v3dcf4dfa8p0ijkmiz5x-gd-2.2.5/bin/gd2topng' >> 1 x >> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdparttopng' >> 1 x >> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gdtopng' >> 1 x >> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/webpng' >> 1 x >> '/gnu/store/9jgmsnx36wv8ymgalwd1zlmq3z34bqf0-gd-2.2.5/bin/gd2topng' >> >> --8<---------------cut >> here---------------end--------------->8--- > > Maybe I’m missing something, but none of the above are PNGs. > Most of them are executables, others are directories, so having > them > executable is expected. Bengt's clever pipeline tallies the number of executable *png files in each top-level store directory. It does not include directories. It's true that the '*png' above should be replaced with '*.png', but these /bin files are just the very noisy outliers. The meat is in: > 34143 x > '/gnu/store/yg6skr4v6vnj04rm5k9h3pa81mjivba7-moka-icon-theme i.e. 34143 executable '*png' files in that directory alone. Kind regards, T G-R