[yocto] [meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions

[Marta Rybczynska]

Compilers and related utils are better restricted on production platforms.
Change permissions of all installed binutils tools to remove access from
users outside of the root group.

This also demonstrates how to restrict file permissions in a hardened
distribution.

Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com>
---
 meta-hardening/recipes-devtools/binutils/binutils_%.bbappend | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 meta-hardening/recipes-devtools/binutils/binutils_%.bbappend

diff --git a/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend 
b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
new file mode 100644
index 0000000..3eb3ad0
--- /dev/null
+++ b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
@@ -0,0 +1,3 @@
+do_install_append_class-target () {
+    chmod o-rx ${D}${prefix}/${TARGET_SYS}/bin/*
+}
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#54553): https://lists.yoctoproject.org/g/yocto/message/54553
Mute This Topic: https://lists.yoctoproject.org/mt/85129693/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-