* [meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions
@ 2021-08-25 6:15 Marta Rybczynska
0 siblings, 0 replies; 2+ messages in thread
From: Marta Rybczynska @ 2021-08-25 6:15 UTC (permalink / raw)
To: yocto, akuster808; +Cc: Marta Rybczynska, Marta Rybczynska
Compilers and related utils are better restricted on production platforms.
Change permissions of all installed binutils tools to remove access from
users outside of the root group.
This also demonstrates how to restrict file permissions in a hardened
distribution.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
meta-hardening/recipes-devtools/binutils/binutils_%.bbappend | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
diff --git a/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
new file mode 100644
index 0000000..3eb3ad0
--- /dev/null
+++ b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
@@ -0,0 +1,3 @@
+do_install_append_class-target () {
+ chmod o-rx ${D}${prefix}/${TARGET_SYS}/bin/*
+}
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread[parent not found: <20210825060532.8379-1-rybczynska@gmail.com>]
end of thread, other threads:[~2021-08-30 16:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-25 6:15 [meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions Marta Rybczynska
[not found] <20210825060532.8379-1-rybczynska@gmail.com>
[not found] ` <4aa7aca3-2de1-8cc4-123b-f0f4e44ccfb2@gmail.com>
2021-08-30 16:26 ` Marta Rybczynska
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.