Problem Description:
When etcupdate encounters conflicts while merging files, it
saves a version containing conflict markers in /var/db/etcupdate/conflicts.
This version does not preserve the mode of the input file, and is
world-readable. This applies to files that would normally have
restricted visibility, such as /etc/master.passwd.
Impact:
An unprivileged local user may be able to read encrypted root
and user passwords from the temporary master.passwd file created
in /var/db/etcupdate/conflicts. This is possible only when conflicts
within the password file arise during an update, and the unprotected
file is deleted when conflicts are resolved.
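
An audit check for the condition described above, as an added example that is not part of the original advisory: it lists conflict files that are world-readable while the corresponding installed file is not. It assumes the conflicts directory mirrors installed paths (for example conflicts/etc/master.passwd for /etc/master.passwd); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# Print the octal permission bits of a file.
# Tries GNU stat syntax first, then falls back to BSD stat syntax.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# exposed_conflicts CONFLICTS_DIR [ROOT]
# Prints every regular file under CONFLICTS_DIR that is world-readable
# although the file at the same relative path under ROOT is not.
# Assumption: CONFLICTS_DIR mirrors the installed layout, so
# CONFLICTS_DIR/etc/master.passwd corresponds to ROOT/etc/master.passwd.
exposed_conflicts() {
    conflicts=$1
    root=${2:-/}
    # -perm -004 selects files with the "other" read bit set.
    find "$conflicts" -type f -perm -004 | while IFS= read -r f; do
        rel=${f#"$conflicts"}            # path relative to the conflicts dir
        ref=$root$rel                    # installed counterpart
        [ -f "$ref" ] || continue        # nothing to compare against
        refmode=$(mode_of "$ref") || continue
        other=${refmode#"${refmode%?}"}  # last octal digit = "other" bits
        case $other in
            4|5|6|7) ;;                  # installed file is world-readable too
            *) printf '%s\n' "$f" ;;     # conflict copy is more exposed
        esac
    done
}
```

On an affected system, run `exposed_conflicts /var/db/etcupdate/conflicts /` as root after an update that reported conflicts; any path printed is readable by users who cannot read the installed file.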