The first test case is readily reproducible (buster=1:2.5.1) with the
executable script invoked by root.
The surprising difference in directory ownership can likely be explained
by the absence/presence of a semicolon:
https://ruby-doc.org/core-2.5.1/Kernel.html#method-i-exec
Merely adding a trailing semicolon, i.e. `...bar;` changes the process
hierarchy and resulting directory ownership; compare and contrast using:

    strace -ff -o /tmp/repro -e process ./repro.rb

Whenever /bin/sh occurs in the process hierarchy between the Ruby
interpreter and the actual shell command, then the EUID/EGID settings
appear to be dropped. However, beyond this clarification, I offer no
opinion on whether the observed behaviour constitutes a bug or a
security feature.
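
An added example, not part of the original message: a Ruby helper that reads the per-PID files written by the strace invocation above and reports whether a shell was exec'd below the interpreter. The trace text, the PIDs and the `mkdir /tmp/demo` command are constructed for illustration, and the shell paths in SHELLS are an assumption.

```ruby
# Added example. All trace text below is constructed, not captured output.
SHELLS = %w[/bin/sh /bin/dash /bin/bash].freeze # assumed shell paths

# traces: { pid => contents of /tmp/repro.<pid> from `strace -ff -o /tmp/repro` }
# Returns the programs successfully exec'd from root_pid down through its children.
def exec_chain(traces, root_pid)
  chain = []
  queue = [root_pid]
  until queue.empty?
    text = traces.fetch(queue.shift, "")
    # One pid can execve more than once: Kernel#exec replaces the interpreter in place.
    chain.concat(text.scan(/^execve\("([^"]+)",.*\)\s+=\s+0$/).flatten)
    # Follow children; fork/vfork/clone return the child pid in the parent.
    queue.concat(text.scan(/^(?:clone3?|v?fork)\(.*\)\s+=\s+(\d+)$/).flatten.map(&:to_i))
  end
  chain
end

# True when a shell was exec'd anywhere after the initial script.
def shell_in_chain?(traces, root_pid)
  exec_chain(traces, root_pid).drop(1).any? { |prog| SHELLS.include?(prog) }
end

# Constructed trace: command string without a trailing semicolon.
DIRECT = {
  4101 => <<~T
    execve("./repro.rb", ["./repro.rb"], 0x7ffc3b0e5a10 /* 18 vars */) = 0
    execve("/bin/mkdir", ["mkdir", "/tmp/demo"], 0x5581f0c2a3b0 /* 18 vars */) = 0
    exit_group(0)                           = ?
    +++ exited with 0 +++
  T
}.freeze

# Constructed trace: same command with a trailing semicolon.
VIA_SHELL = {
  4201 => <<~T,
    execve("./repro.rb", ["./repro.rb"], 0x7ffd9a1c2b40 /* 18 vars */) = 0
    execve("/bin/sh", ["sh", "-c", "mkdir /tmp/demo;"], 0x55d0c0a1e2f0 /* 18 vars */) = 0
    clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2a1c3e4a10) = 4202
    exit_group(0)                           = ?
  T
  4202 => <<~T
    execve("/bin/mkdir", ["mkdir", "/tmp/demo"], 0x55d0c0a1f7a8 /* 18 vars */) = 0
    exit_group(0)                           = ?
  T
}.freeze

puts exec_chain(DIRECT, 4101).join(" -> ")
puts exec_chain(VIA_SHELL, 4201).join(" -> ")
```

On real output, build the hash from the files, e.g. by mapping each `/tmp/repro.<pid>` path to its contents keyed by the integer suffix.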