meta-facebook: reduce permissions on scripts
Scripts should be installed with 0755 permissions and not 0777,
otherwise non-root users can potentially modify or delete them.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I41270a2bb3fb940d8ca49ed6230545d98efb2fea
diff --git a/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend b/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
index 278f7b6..9170cf8 100644
--- a/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
+++ b/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
@@ -13,7 +13,7 @@
install -d ${D}$/lib/systemd/system
install -m 0644 ${WORKDIR}/bmc-set-time.service ${D}$/lib/systemd/system
install -d ${D}${libexecdir}
- install -m 0777 ${WORKDIR}/set-bmc-time-from-host ${D}${libexecdir}
+ install -m 0755 ${WORKDIR}/set-bmc-time-from-host ${D}${libexecdir}
}
SYSTEMD_SERVICE:${PN}:fb-withhost += "bmc-set-time.service"
diff --git a/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend b/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
index e9dcf33..819903a 100644
--- a/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
+++ b/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
@@ -31,7 +31,7 @@
install -m 0755 -d ${D}/var/lib/phosphor-fan-presence/sensor-monitor
install -d ${D}${libexecdir}/phosphor-fan-sensor-monitor
- install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/phosphor-fan-sensor-monitor/
+ install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/phosphor-fan-sensor-monitor/
}
pkg_postinst:${PN}-sensor-monitor() {
diff --git a/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend b/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
index c3e43ea..294fa42 100644
--- a/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
+++ b/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
@@ -24,6 +24,6 @@
${D}${systemd_system_unitdir}
install -d ${D}${libexecdir}/phosphor-gpio-monitor
- install -m 0777 ${WORKDIR}/ipmb-rescan-fru.sh ${D}${libexecdir}/phosphor-gpio-monitor/
+ install -m 0755 ${WORKDIR}/ipmb-rescan-fru.sh ${D}${libexecdir}/phosphor-gpio-monitor/
}
FILES:${PN} += "${systemd_system_unitdir}/obmc-ipmb-rescan-fru.service"
diff --git a/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend b/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
index dc7fdec..8d48c68 100644
--- a/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
+++ b/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
@@ -49,15 +49,15 @@
install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
install -d ${D}${libexecdir}/${PN}
- install -m 0777 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
- install -m 0777 ${WORKDIR}/power-ctrl-init ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
+ install -m 0755 ${WORKDIR}/power-ctrl-init ${D}${libexecdir}/${PN}/
}
FILES:${PN} += " ${systemd_system_unitdir}/*.service"