http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2654 "xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems." Patch from SUSE update attached.
Created attachment 154896 [details] Patch from SUSE update
Sorry didn't see this. I'll get this pulled in soon.
This is fixed in most recent xfsprogs 2.2.45, as of a couple months ago: http://oss.sgi.com/cgi-bin/cvsweb.cgi/xfs-cmds/xfsdump/fsr/xfs_fsr.c.diff?r1=1.27;r2=1.28 I've got most recent xfsprogs in F8test and F7 updates-testing; I'll try to get it pushed to F6 as well.
xfsdump-2.2.42-2.fc6 is now available in Fedora 6 Extras, and it resolves this issue. Thanks, -Eric