Description of problem:
Fopen hardcodes 0666 as mode. So during an rpm install, the files created will have a mode of 666 and thus can be overwritten by anyone on the system until chmod() is called.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

No, files are created 0666 iff umask is 000, and that's a configuration choice and/or problem. Fopen calls open(2), and the mode passed to the system call is adjusted by the current umask, typically 022, resulting in mode 0644 for newly created files.