Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3289 to
the following vulnerability:
The g_file_copy function in glib 2.0 sets the permissions of a target
file to the permissions of a symbolic link (777), which allows
user-assisted local users to modify files of other users, as
demonstrated by using Nautilus to modify the permissions of the user
This issue does NOT affect the versions of the glib2 package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the versions of glib2 package, as shipped with Fedora
10 and 11.
I think you mean glib2, not glib.
Trying in Fedora 14, this seems to be corrected. If you copy your own home folder (with 0700 perms) to /tmp, when the copy is complete, it has 0700 perms again. During the copy it has 0775 perms, but changes when the copying is done. I believe this issue has been corrected upstream:
Author: Benjamin Otte <email@example.com>
Date: Tue Sep 1 21:26:08 2009 +0200
Bug 593406 - Permissions set to 777 after copying via Nautilus
Only fail to set the permissions when the actual file is a symlink.
The previous fix failed for every file when NOFOLLOW_SYMLINKS was set.
Test on RHEL6 as well and the destination file/directory will have the same permissions as the source.