From a25549483faf6293a80d6dbb0fba2132d9685c0e Mon Sep 17 00:00:00 2001
From: Craig Andrews
Date: Fri, 28 Jul 2023 13:48:40 -0400
Subject: [PATCH] Set /home/cnb file mode to 0750

The permission for this directory were 0777 which is too permissive. 0750 complies with security recommendations such as those made by CIS.

Signed-off-by: Craig Andrews
---
 internal/ihop/user_layer_creator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/ihop/user_layer_creator.go b/internal/ihop/user_layer_creator.go
index b45d457..e9d85bf 100644
--- a/internal/ihop/user_layer_creator.go
+++ b/internal/ihop/user_layer_creator.go
@@ -87,7 +87,7 @@ func (c UserLayerCreator) Create(image Image, def DefinitionImage, _ SBOM) (Laye
 err = tw.WriteHeader(&tar.Header{
 Typeflag: tar.TypeDir,
 Name: "home/cnb",
- Mode: int64(os.ModePerm),
+ Mode: int64(os.FileMode(0750)),
 Uid: def.UID,
 Gid: def.GID,
 })
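Review bot: The new `Mode:` line carries no explanation and goes through a needless conversion; `tar.Header.Mode` is an `int64`, so `Mode: 0750, // owner rwx, group r-x, nothing for others (was 0777)` says the same thing and records why. With 0750 only `def.UID` and members of `def.GID` can enter `home/cnb`, so a container started under a different UID and GID would presumably lose access to its home directory; it is worth confirming that no supported platform depends on the old world-writable mode. The patch touches only this file, so a test that reads the layer tar and asserts this header's mode would keep the value from drifting back to 0777. `Create` starts and ends outside the hunk.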