[meta-hardening][PATCH] meta-hardening/binutils: harden installation permissions

Marta Rybczynska

Compilers and related utils are better restricted on production platforms.
Change permissions of all installed binutils tools to remove access from
users outside of the root group.

This also demonstrates how to restrict file permissions in a hardened

Signed-off-by: Marta Rybczynska <marta.rybczynska@...>
meta-hardening/recipes-devtools/binutils/binutils_%.bbappend | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 meta-hardening/recipes-devtools/binutils/binutils_%.bbappend

diff --git a/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
new file mode 100644
index 0000000..3eb3ad0
--- /dev/null
+++ b/meta-hardening/recipes-devtools/binutils/binutils_%.bbappend
@@ -0,0 +1,3 @@
+do_install_append_class-target () {
+ chmod o-rx ${D}${prefix}/${TARGET_SYS}/bin/*

Join yocto@lists.yoctoproject.org to automatically receive all group messages.