Description of problem:
Fopen hardcodes 0666 as mode. So during an rpm install, the files created
will have a mode of 666 and thus can be overwritten by anyone on the system
until chmod() is called.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
No, files are created 0666 iff umask is 000, and that's
a configuration choice and/or problem.
Fopen calls open(2), and the mode passed to the system call
is adjusted by the current umask, typically 022, resulting
in mode 0644 for newly created files.