Compilers and related utils are better restricted on production platforms. Change permissions of all installed binutils tools to remove access from users outside of the root group.
This also demonstrates how to restrict file permissions in a hardened distribution. Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com> --- meta-hardening/recipes-devtools/binutils/binutils_%.bbappend | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 meta-hardening/recipes-devtools/binutils/binutils_%.bbappend diff --git a/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend new file mode 100644 index 0000000..3eb3ad0 --- /dev/null +++ b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend @@ -0,0 +1,3 @@ +do_install_append_class-target () { + chmod o-rx ${D}${prefix}/${TARGET_SYS}/bin/* +} -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#54553): https://lists.yoctoproject.org/g/yocto/message/54553 Mute This Topic: https://lists.yoctoproject.org/mt/85129693/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-