That situation can be easily fixed in RPM-based Linux with rpm --setperms and rpm --setugids.

Correction will be little harder on Debian derivatives and whole incident can be completely prevented on Solaris with file-mac-profile.