From d3135247287cb3a4b932a89c088c9011b4a19a56 Mon Sep 17 00:00:00 2001
From: Patrick Williams <patrick@stwcx.xyz>
Date: Fri, 19 Jan 2024 16:45:58 -0600
Subject: meta-facebook: reduce permissions on scripts

Scripts should be installed with 0755 permissions and not 0777,
otherwise non-root users can potentially modify or delete them.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I41270a2bb3fb940d8ca49ed6230545d98efb2fea
---
 .../state/phosphor-state-manager_%.bbappend            |  2 +-
 .../gpio/phosphor-gpio-monitor_%.bbappend              | 14 +++++++-------
 .../state/phosphor-state-manager_%.bbappend            | 14 +++++++-------
 .../gpio/phosphor-gpio-monitor_%.bbappend              |  4 ++--
 .../gpio/phosphor-gpio-monitor_%.bbappend              |  4 ++--
 .../state/phosphor-state-manager_%.bbappend            | 18 +++++++++---------
 .../datetime/phosphor-time-manager_%.bbappend          |  2 +-
 .../recipes-phosphor/fans/phosphor-fan_%.bbappend      |  2 +-
 .../gpio/phosphor-gpio-monitor_%.bbappend              |  2 +-
 .../state/phosphor-state-manager_%.bbappend            | 18 +++++++++---------
 10 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/meta-facebook/meta-bletchley/recipes-phosphor/state/phosphor-state-manager_%.bbappend b/meta-facebook/meta-bletchley/recipes-phosphor/state/phosphor-state-manager_%.bbappend
index 6b6062c30a..1cc021a6b2 100644
--- a/meta-facebook/meta-bletchley/recipes-phosphor/state/phosphor-state-manager_%.bbappend
+++ b/meta-facebook/meta-bletchley/recipes-phosphor/state/phosphor-state-manager_%.bbappend
@@ -17,7 +17,7 @@ do_install:append:bletchley() {
     install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
 }
 
 FILES:${PN}:append:bletchley = " ${systemd_system_unitdir}"
diff --git a/meta-facebook/meta-harma/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend b/meta-facebook/meta-harma/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
index 8ab2deb3b0..e13d98d3c6 100644
--- a/meta-facebook/meta-harma/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
+++ b/meta-facebook/meta-harma/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
@@ -44,16 +44,16 @@ do_install:append:() {
     install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/multi-gpios-sys-init ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/multi-gpios-sys-init ${D}${libexecdir}/${PN}/
 
-    install -m 0777 ${WORKDIR}/assert-reset-button ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/deassert-reset-button ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/assert-reset-button ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/deassert-reset-button ${D}${libexecdir}/${PN}/
 
-    install -m 0777 ${WORKDIR}/assert-post-end ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/deassert-post-end ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/assert-post-end ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/deassert-post-end ${D}${libexecdir}/${PN}/
 
-    install -m 0777 ${WORKDIR}/assert-power-good ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/deassert-power-good ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/assert-power-good ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/deassert-power-good ${D}${libexecdir}/${PN}/
 }
 
 SYSTEMD_OVERRIDE:${PN}-monitor:harma += "phosphor-multi-gpio-monitor.conf:phosphor-multi-gpio-monitor.service.d/phosphor-multi-gpio-monitor.conf"
diff --git a/meta-facebook/meta-harma/recipes-phosphor/state/phosphor-state-manager_%.bbappend b/meta-facebook/meta-harma/recipes-phosphor/state/phosphor-state-manager_%.bbappend
index 358cf3ded1..954bc3962e 100644
--- a/meta-facebook/meta-harma/recipes-phosphor/state/phosphor-state-manager_%.bbappend
+++ b/meta-facebook/meta-harma/recipes-phosphor/state/phosphor-state-manager_%.bbappend
@@ -48,13 +48,13 @@ do_install:append:harma() {
     install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/phosphor-state-manager-init ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/phosphor-state-manager-init ${D}${libexecdir}/${PN}/
 }
 SYSTEMD_OVERRIDE:${PN}-discover:harma += "discover-sys-init.conf:phosphor-discover-system-state@0.service.d/discover-sys-init.conf"
 SYSTEMD_OVERRIDE:${PN}-systemd-target-monitor:harma += "phosphor-state-manager-init.conf:phosphor-systemd-target-monitor.service.d/phosphor-state-manager-init.conf"
diff --git a/meta-facebook/meta-minerva/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend b/meta-facebook/meta-minerva/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
index b1b4603fee..a862cd41fd 100644
--- a/meta-facebook/meta-minerva/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
+++ b/meta-facebook/meta-minerva/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
@@ -43,6 +43,6 @@ do_install:append:() {
     done
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/logging ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/sfp-present-check ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/logging ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/sfp-present-check ${D}${libexecdir}/${PN}/
 }
diff --git a/meta-facebook/meta-yosemite4/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend b/meta-facebook/meta-yosemite4/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
index a3c30a39e9..4ec5991bb5 100644
--- a/meta-facebook/meta-yosemite4/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
+++ b/meta-facebook/meta-yosemite4/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
@@ -33,6 +33,6 @@ do_install:append:() {
     install -m 0644 ${WORKDIR}/rescan-fru-device@.service ${D}${systemd_system_unitdir}/rescan-fru-device@.service
     install -m 0644 ${WORKDIR}/slot-hot-plug@.service ${D}${systemd_system_unitdir}/slot-hot-plug@.service
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/probe-slot-device ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/rescan-fru-device ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/probe-slot-device ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/rescan-fru-device ${D}${libexecdir}/${PN}/
 }
diff --git a/meta-facebook/meta-yosemite4/recipes-phosphor/state/phosphor-state-manager_%.bbappend b/meta-facebook/meta-yosemite4/recipes-phosphor/state/phosphor-state-manager_%.bbappend
index a6996106d8..70672d357d 100644
--- a/meta-facebook/meta-yosemite4/recipes-phosphor/state/phosphor-state-manager_%.bbappend
+++ b/meta-facebook/meta-yosemite4/recipes-phosphor/state/phosphor-state-manager_%.bbappend
@@ -44,15 +44,15 @@ do_install:append:yosemite4() {
     install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/wait-until-mctp-connection-done ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/wait-until-mctp-connection-done ${D}${libexecdir}/${PN}/
 }
 
 FILES:${PN} += " ${systemd_system_unitdir}/*.service"
diff --git a/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend b/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
index 278f7b6584..9170cf8753 100644
--- a/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
+++ b/meta-facebook/recipes-phosphor/datetime/phosphor-time-manager_%.bbappend
@@ -13,7 +13,7 @@ do_install:append:fb-withhost(){
     install -d ${D}$/lib/systemd/system
     install -m 0644 ${WORKDIR}/bmc-set-time.service  ${D}$/lib/systemd/system
     install -d ${D}${libexecdir}
-    install -m 0777 ${WORKDIR}/set-bmc-time-from-host ${D}${libexecdir}
+    install -m 0755 ${WORKDIR}/set-bmc-time-from-host ${D}${libexecdir}
 }
 
 SYSTEMD_SERVICE:${PN}:fb-withhost += "bmc-set-time.service"
diff --git a/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend b/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
index e9dcf33489..819903adb1 100644
--- a/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
+++ b/meta-facebook/recipes-phosphor/fans/phosphor-fan_%.bbappend
@@ -31,7 +31,7 @@ do_install:append:fb-withhost() {
     install -m 0755 -d ${D}/var/lib/phosphor-fan-presence/sensor-monitor
 
     install -d ${D}${libexecdir}/phosphor-fan-sensor-monitor
-    install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/phosphor-fan-sensor-monitor/
+    install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/phosphor-fan-sensor-monitor/
 }
 
 pkg_postinst:${PN}-sensor-monitor() {
diff --git a/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend b/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
index c3e43eacc9..294fa42916 100644
--- a/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
+++ b/meta-facebook/recipes-phosphor/gpio/phosphor-gpio-monitor_%.bbappend
@@ -24,6 +24,6 @@ do_install:append:fb-compute-multihost() {
                     ${D}${systemd_system_unitdir}
 
     install -d ${D}${libexecdir}/phosphor-gpio-monitor
-    install -m 0777 ${WORKDIR}/ipmb-rescan-fru.sh ${D}${libexecdir}/phosphor-gpio-monitor/
+    install -m 0755 ${WORKDIR}/ipmb-rescan-fru.sh ${D}${libexecdir}/phosphor-gpio-monitor/
 }
 FILES:${PN} += "${systemd_system_unitdir}/obmc-ipmb-rescan-fru.service"
diff --git a/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend b/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
index dc7fdecfcc..8d48c68917 100644
--- a/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
+++ b/meta-facebook/recipes-phosphor/state/phosphor-state-manager_%.bbappend
@@ -49,15 +49,15 @@ do_install:append:greatlakes() {
     install -m 0644 ${WORKDIR}/*.service ${D}${systemd_system_unitdir}/
 
     install -d ${D}${libexecdir}/${PN}
-    install -m 0777 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
-    install -m 0777 ${WORKDIR}/power-ctrl-init ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-poweroff ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-poweron ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/chassis-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweroff ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-poweron ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powercycle ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/host-powerreset ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/power-cmd ${D}${libexecdir}/${PN}/
+    install -m 0755 ${WORKDIR}/power-ctrl-init ${D}${libexecdir}/${PN}/
 }
 
 FILES:${PN} += " ${systemd_system_unitdir}/*.service"
-- 
cgit v1.2.3