So the Office 2008 12.01 updater came out, it’s got a whole lot of packages for each app and component with postflight scripts written in Python to clean up all the permissions:
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: setting ownership/permissions
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: fixing setuid flags
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: clearing ACLs
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: sanitizing receipts
Doing an ls -lRFG in /Applications/Microsoft Office 2008 won’t leave you seeing red, they’ve cleaned that all up quite nicely.
Anyway, call me picky, but it forgets just one thing, the /Library/Fonts/Microsoft folder, it leaves that and its contents owned by 502 and they’re all marked executable. (Fonts don’t really need to be executable.) And as paranoid as it is — it’s still not quite right. So after you’ve put your tinfoil hat on, run 12.01, you can do this to finish it up:
#take away all users’ execute permissions
chmod a-x /Library/Fonts/Microsoft/*
#recursively own all fonts as root and admin group
sudo chown -R root:admin /Library/Fonts/Microsoft
Update: Or you can go into the update using Show Package Contents then navigate to Contents/Packages and run Office2008_en_fonts_12.0.1.incremental.pkg again, that’ll do the trick.