Set manifests to mode 600 and owner root
Manifests files can release sensitive information and therefore should have restrictive permissions. Change-Id: I64d6c830217a7d8b0172df2dc774079dcd1e2a68 Related-Bug: #1671842
This commit is contained in:
parent
1c0a5d995a
commit
57ef187632
@ -34,3 +34,7 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint:
|
|||||||
|
|
||||||
mkdir -p ${DIB_MANIFEST_SAVE_DIR}
|
mkdir -p ${DIB_MANIFEST_SAVE_DIR}
|
||||||
cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
|
cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
|
||||||
|
|
||||||
|
# may contain passwords, etc, so limit permissions
|
||||||
|
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
|
||||||
|
find ${DIB_MANIFEST_SAVE_DIR} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo
|
||||||
|
Loading…
Reference in New Issue
Block a user