Change the system.map file permission only readable by root

sonic-net · Sep 7, 2023 · 8f9285f · 8f9285f
1 parent d070cae
commit 8f9285f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/patch/0001-Change-the-system.map-file-permission-only-readable-.patch b/patch/0001-Change-the-system.map-file-permission-only-readable-.patch
@@ -0,0 +1,25 @@
+From 01e598f75f4ab650555b01116ceec4e5c8f2899b Mon Sep 17 00:00:00 2001
+From: xumia <[email protected]>
+Date: Thu, 7 Sep 2023 02:53:49 +0000
+Subject: [PATCH] Change the system.map file permission only readable by root
+
+---
+ debian/rules.real | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/debian/rules.real b/debian/rules.real
+index 3304579ad..908258789 100644
+--- a/debian/rules.real
++++ b/debian/rules.real
+@@ -505,7 +505,7 @@ install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/build_$(ARCH)_
+ 	dh_installdirs usr/lib/debug usr/lib/debug/boot usr/share/lintian/overrides/
+ 	dh_lintian
+ 	install -m644 $(DIR)/vmlinux $(DEBUG_DIR)/boot/vmlinux-$(REAL_VERSION)
+-	install -m644 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION)
++	install -m600 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION)
+ 	+$(MAKE_CLEAN) -C $(DIR) modules_install DEPMOD='$(CURDIR)/debian/bin/no-depmod' INSTALL_MOD_PATH='$(CURDIR)'/$(DEBUG_DIR)
+ 	find $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/ -mindepth 1 -maxdepth 1 \! -name kernel -exec rm {} \+
+ 	rm $(DEBUG_DIR)/lib/firmware -rf
+-- 
+2.30.2
+
diff --git a/patch/series b/patch/series
@@ -213,6 +213,9 @@ armhf_secondary_boot_online.patch
 0020-dts-marvell-Add-support-for-7020-comexpress.patch
 0021-arm64-dts-marvell-Add-Nokia-7215-IXS-A1-board.patch
 
+# Security patch
+0001-Change-the-system.map-file-permission-only-readable-.patch
+
 #
 #
 ############################################################