Description of problem: the anaconda-ks.cfg file that is automatically placed in /root upon install is given read permissions to everyone. This gives unauthorized users access to this line: rootpw --iscrypted <encrypted password here> Version-Release number of selected component (if applicable): How reproducible: Install EL4 and type ls -l /root Actual results: file is readable by everyone Expected results: should be chmod 600
/root should be 750 so you can't actually get to the dir to read the file if you are not root. ls -ld /root Try as non-root user cat /root/anaconda-ks.cfg - you should get permission denied.
Silly me, your right. I guess an extra level of paranoia can't hurt though.
It looks as if that was the intent - I've commited this to rawhide.