go build creates world-writable files under certain circumstances.

This happens on tip but not 1.2. The commit that introduces bad behavior is
https://code.google.com/p/go/source/detail?r=e8c8b0e2a52f1540f5059311a137c6fabb02d573

$ go build -o bar && ls -l bar
-rwxrwxrwx 1 tv tv 3971520 Jan 30 14:40 bar*
$ umask
0002

The trigger is $WORK residing on the same filesystem as the destination file.

In src/cmd/go/build.go *builder.moveOrCopyFile:

    if err := os.Chmod(src, perm); err == nil {
        if err := os.Rename(src, dst); err == nil {
            if buildX {
                b.showcmd("", "mv %s %s", src, dst)
            }
            return nil
        }
    }

    return b.copyFile(a, dst, src, perm)

perm is given by the caller as 0777 or 0666. Chmod does not respect umask, but sets the
file mode to exactly perm.

This does not trigger if Chmod or Rename fail, and b.copyFile is used (though Chmod
working and Rename failing may temporarily leave a world-writable file under $WORK --
not good either).

Adding `&& false` at the end of the first if gets the right results in all
circumstances.

Perhaps it's not the best idea to have 0777 modes in the source, waiting for this
mistake? (Then again, only 0700 is safe enough for all environments..)
And Go doesn't seem to let programmer access umask easily, either.