Description of problem: The iodine-server and iodine-client files in the /etc/sysconfig are visible by non-root users. The impact of that is the password leakage. So, this is kinda security bug. Version-Release number of selected component (if applicable): Official EPEL5.
Firstly thank you for the bugreport. Most of files in /etc/sysconfig is readable by regular user. In fact base way provide passwords in command line absolutely is not safe because it potentially accessible through process list. So, change permission on that files nothing does unfortunately. If you want truly security way you should ask upstream to add f.e. PKI support, or at least (by example VNC) - support read password from provided file.
We are talking about the iodine(d) itself. The others have their own issues. So, iodine(d) has no security problems with the password visibility (check process tree please) until you introduced the wrong permissions to the file.
iodine-0.6.0-0.rc1.6.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/iodine-0.6.0-0.rc1.6.el5
iodine-0.6.0-0.rc1.6.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/iodine-0.6.0-0.rc1.6.fc12
iodine-0.6.0-0.rc1.6.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/iodine-0.6.0-0.rc1.6.fc13
iodine-0.6.0-0.rc1.6.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update iodine'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/iodine-0.6.0-0.rc1.6.el5
iodine-0.6.0-0.rc1.6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
iodine-0.6.0-0.rc1.6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
iodine-0.6.0-0.rc1.6.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.