From 8f9285f8457875155d91915fd92cccd379500813 Mon Sep 17 00:00:00 2001 From: xumia Date: Thu, 7 Sep 2023 03:04:45 +0000 Subject: [PATCH] Change the system.map file permission only readable by root --- ...m.map-file-permission-only-readable-.patch | 25 +++++++++++++++++++ patch/series | 3 +++ 2 files changed, 28 insertions(+) create mode 100644 patch/0001-Change-the-system.map-file-permission-only-readable-.patch diff --git a/patch/0001-Change-the-system.map-file-permission-only-readable-.patch b/patch/0001-Change-the-system.map-file-permission-only-readable-.patch new file mode 100644 index 000000000..6671b87ba --- /dev/null +++ b/patch/0001-Change-the-system.map-file-permission-only-readable-.patch @@ -0,0 +1,25 @@ +From 01e598f75f4ab650555b01116ceec4e5c8f2899b Mon Sep 17 00:00:00 2001 +From: xumia +Date: Thu, 7 Sep 2023 02:53:49 +0000 +Subject: [PATCH] Change the system.map file permission only readable by root + +--- + debian/rules.real | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/debian/rules.real b/debian/rules.real +index 3304579ad..908258789 100644 +--- a/debian/rules.real ++++ b/debian/rules.real +@@ -505,7 +505,7 @@ install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/build_$(ARCH)_ + dh_installdirs usr/lib/debug usr/lib/debug/boot usr/share/lintian/overrides/ + dh_lintian + install -m644 $(DIR)/vmlinux $(DEBUG_DIR)/boot/vmlinux-$(REAL_VERSION) +- install -m644 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION) ++ install -m600 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION) + +$(MAKE_CLEAN) -C $(DIR) modules_install DEPMOD='$(CURDIR)/debian/bin/no-depmod' INSTALL_MOD_PATH='$(CURDIR)'/$(DEBUG_DIR) + find $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/ -mindepth 1 -maxdepth 1 \! -name kernel -exec rm {} \+ + rm $(DEBUG_DIR)/lib/firmware -rf +-- +2.30.2 + diff --git a/patch/series b/patch/series index b9ccfc32c..a1fd43f1f 100755 --- a/patch/series +++ b/patch/series @@ -213,6 +213,9 @@ armhf_secondary_boot_online.patch 0020-dts-marvell-Add-support-for-7020-comexpress.patch 0021-arm64-dts-marvell-Add-Nokia-7215-IXS-A1-board.patch +# Security patch +0001-Change-the-system.map-file-permission-only-readable-.patch + # # ############################################################