(correcting the wrong list address) On Fri, Aug 27, 2021 at 6:07 AM akuster808 <akuster...@gmail.com> wrote:
> Marta, > > On 8/24/21 11:05 PM, Marta Rybczynska wrote: > > Compilers and related utils are better restricted on production > platforms. > > Change permissions of all installed binutils tools to remove access from > > users outside of the root group. > > > > This also demonstrates how to restrict file permissions in a hardened > > distribution. > > Have you looked into FILESYSTEM_PERMS_TABLES? An example of the format > can be found @ /meta/files/fs-perms.txt > > For more info see > https://www.yoctoproject.org/docs/3.1/ref-manual/ref-manual.html > > Maybe having something like fs-perms.txt in meta-hardening may achieve > the same? > > It looks like a possibility, I will give it a try. I have a question about the future, however. Currently meta-hardening is defining its own distribution. When hardening will be in DISTRO_FEATURES (you were working on it some time ago https://patchwork.openembedded.org/patch/174773/), it would be less obvious to use, wouldn't it? A bonus question, do you still plan to make it in DISTRO_FEATURES? Regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#54604): https://lists.yoctoproject.org/g/yocto/message/54604 Mute This Topic: https://lists.yoctoproject.org/mt/85129693/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
