FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 03-24-2011, 12:02 PM
Tim Gardner
 
Default packaging: adjust perms on vmlinuz as well

On 03/23/2011 02:17 PM, Kees Cook wrote:

Since kernel symbols are resolvable internally to the kernel, the kernel
itself has a map of the symbols. Continuing the tradition of frustrating
off-the-shelf kernel exploits, make vmlinuz unreadable for non-root, just
like has been done for System.map, etc.

Signed-off-by: Kees Cook<kees.cook@canonical.com>
---
debian/rules.d/2-binary-arch.mk | 4 ++--
debian/scripts/sub-flavour | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index c31ab14..9765ef7 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -54,13 +54,13 @@ install-%: $(stampdir)/stamp-build-% checks-%
# compress_file logic required because not all architectures
# generate a zImage automatically out of the box
ifeq ($(compress_file),)
- install -m644 -D $(builddir)/build-$*/$(kernel_file)
+ install -m600 -D $(builddir)/build-$*/$(kernel_file)
$(pkgdir)/boot/$(install_file)-$(abi_release)-$*
else
install -d $(pkgdir)/boot
gzip -c9v $(builddir)/build-$*/$(kernel_file)>
$(pkgdir)/boot/$(install_file)-$(abi_release)-$*
- chmod 644 $(pkgdir)/boot/$(install_file)-$(abi_release)-$*
+ chmod 600 $(pkgdir)/boot/$(install_file)-$(abi_release)-$*
endif

install -m644 $(builddir)/build-$*/.config
diff --git a/debian/scripts/sub-flavour b/debian/scripts/sub-flavour
index 45456bb..0100493 100644
--- a/debian/scripts/sub-flavour
+++ b/debian/scripts/sub-flavour
@@ -11,9 +11,9 @@ from_moddir="debian/$from_pkg/lib/modules/$ABI_RELEASE-$FROM"
to_moddir="debian/$to_pkg/lib/modules/$ABI_RELEASE-$FROM"

install -d "debian/$to_pkg/boot"
-install -m644 debian/$from_pkg/boot/{vmlinuz,config}-$ABI_RELEASE-$FROM
+install -m644 debian/$from_pkg/boot/config-$ABI_RELEASE-$FROM
debian/$to_pkg/boot/
-install -m600 debian/$from_pkg/boot/System.map-$ABI_RELEASE-$FROM
+install -m600 debian/$from_pkg/boot/{vmlinuz,System.map}-$ABI_RELEASE-$FROM
debian/$to_pkg/boot/

#


applied

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 12:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org