From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.x) Gecko/20031020 Description of problem: I installed Fedora Core 2, and entered a GRUB password, only to find that Anaconda created /etc/lilo.conf.anaconda with the GRUB password in plain text. LILO is not even used on these systems or available as an installer option, and this is bad news for someone who uses a sensitive password for the bootloader!!! Version-Release number of selected component (if applicable): as distributed on ISO's How reproducible: Didn't try Steps to Reproduce: 1.Install FC2 2.Set a GRUB password during install 3.View /etc/lilo.conf.anaconda Additional info:
I should have mentioned that the lilo.conf.anaconda file is mode 0600, so this is only readable by root, which mitigates the issue somewhat; nevertheless has a potential for increasing the severity of a compromise or even of an arbitrary-file-disclosure bug in certain services, etc.
This is from an attempt to make it easy to migrate from grub->lilo if needed. At this point, not putting the plaintext password seems a bigger win, so changed for booty-0.42-1