Skip to content

Change the system.map file permission only readable by root #368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 21, 2023
Merged

Change the system.map file permission only readable by root #368

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6ce4c8c
Change the system.map file permission only readable by root
xumia Dec 10, 2023
3a6df62
Merge branch 'master' into fix-system-map-permission-issue-1
xumia Dec 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 27 additions & 10 deletions patch/0001-Change-the-system.map-file-permission-only-readable-.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,25 +1,42 @@
From 01e598f75f4ab650555b01116ceec4e5c8f2899b Mon Sep 17 00:00:00 2001
From: xumia <xumia@contoso.com>
Date: Thu, 7 Sep 2023 02:53:49 +0000
From 0ec2a0c7a1380d55072fa3661abf8a33215b3dd6 Mon Sep 17 00:00:00 2001
From: xumia <xumia@microsoft.com>
Date: Sun, 10 Dec 2023 01:02:27 +0000
Subject: [PATCH] Change the system.map file permission only readable by root

---
debian/rules.real | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
debian/rules.real | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/rules.real b/debian/rules.real
index 3304579ad..908258789 100644
index 98ee4ac7a..5f1d8a665 100644
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -505,7 +505,7 @@ install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/build_$(ARCH)_
dh_installdirs usr/lib/debug usr/lib/debug/boot usr/share/lintian/overrides/
@@ -191,7 +191,7 @@ endif
dh_bugfiles
dh_lintian
dh_compress
- dh_fixperms
+ dh_fixperms -XSystem.map-*
dh_installdeb
dh_gencontrol -- $(GENCONTROL_ARGS)
dh_md5sums
@@ -383,6 +383,7 @@ endif
sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\|BUILD_SALT\)[ =]/d' $(DIR)/.config > $(DESTDIR)/boot/config-$(REAL_VERSION)
echo "ffffffffffffffff B The real System.map is in the linux-image-<version>-dbg package" \
> $(DESTDIR)/boot/System.map-$(REAL_VERSION)
+ chmod 600 $(DESTDIR)/boot/System.map-$(REAL_VERSION)
rm -f $(DESTDIR)/lib/modules/$(REAL_VERSION)/build
rm -f $(DESTDIR)/lib/modules/$(REAL_VERSION)/source
rm $(DESTDIR)/lib/firmware -rf
@@ -435,7 +436,7 @@ binary_image-dbg: $(STAMPS_DIR)/build_$(ARCH)_$(FEATURESET)_$(FLAVOUR)
dh_prep
dh_installdirs usr/lib/debug usr/lib/debug/boot usr/share/lintian/overrides/
install -m644 $(DIR)/vmlinux $(DEBUG_DIR)/boot/vmlinux-$(REAL_VERSION)
- install -m644 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION)
+ install -m600 $(DIR)/System.map $(DEBUG_DIR)/boot/System.map-$(REAL_VERSION)
+$(MAKE_CLEAN) -C $(DIR) modules_install DEPMOD='$(CURDIR)/debian/bin/no-depmod' INSTALL_MOD_PATH='$(CURDIR)'/$(DEBUG_DIR)
+$(MAKE_CLEAN) -C $(DIR) modules_install DEPMOD='$(CURDIR)/debian/bin/no-depmod' INSTALL_MOD_PATH=$(DEBUG_DIR)
find $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/ -mindepth 1 -maxdepth 1 \! -name kernel -exec rm {} \+
rm $(DEBUG_DIR)/lib/firmware -rf
--
2.30.2
2.25.1

3 changes: 1 addition & 2 deletions patch/series
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,8 +185,7 @@ cisco-npu-disable-other-bars.patch
0024-drivers-soc-pensando-penfw-driver.patch

# Security patch
# TODO: update for bookworm
#0001-Change-the-system.map-file-permission-only-readable-.patch
0001-Change-the-system.map-file-permission-only-readable-.patch

#
#
Expand Down