From 4398eec03ce1f4552ce0c475b2bb3f0cd1a6a84b Mon Sep 17 00:00:00 2001
From: Andreas Kling <awesomekling@gmail.com>
Date: Sat, 4 Jan 2020 11:12:59 +0100
Subject: [PATCH] Build: Lock down the /mod and /boot directories

Make these directories accessible to root only. Unprivileged users have
no need to look at the kernel binary or kernel modules.
---
 Kernel/build-root-filesystem.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/build-root-filesystem.sh b/Kernel/build-root-filesystem.sh
index f0c607f6da..1c5f1dc267 100755
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@@ -166,10 +166,14 @@ ln -s ProfileViewer mnt/bin/pv
 echo "done"
 
 mkdir -p mnt/boot/
+chmod 700 mnt/boot/
 cp kernel mnt/boot/
+chmod 600 mnt/boot/kernel
 
 mkdir -p mnt/mod/
+chmod 700 mnt/mod/
 cp TestModule.kernel.o mnt/mod/TestModule.o
+chmod 600 mnt/mod/*.o
 
 # Run local sync script, if it exists
 if [ -f sync-local.sh ]; then