From 05bbf72c86a45a5acf7d1b36ea11e8fde4fa7e66 Mon Sep 17 00:00:00 2001
From: ycoheNvidia <99744138+ycoheNvidia@users.noreply.github.com>
Date: Sun, 16 Jul 2023 21:06:29 +0300
Subject: [PATCH] Reduced root directory privileges (#15147)

#### Why I did it
Reduced root directory privileges
#### How I did it
During build_debian - called chroot to reduce root directory and its subdirectories privileges to 744
#### How to verify it
After image build and upgrade - check /root privileges by calling "ls -a /root"
#### Description for the changelog
reduced /root directory privileges
---
 build_debian.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build_debian.sh b/build_debian.sh
index 83d9a687cd..13e39ac736 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -786,6 +786,9 @@ sudo cp files/image_config/resolv-config/resolv.conf.head $FILESYSTEM_ROOT/etc/r
 sudo mksquashfs $FILESYSTEM_ROOT $FILESYSTEM_SQUASHFS -comp zstd -b 1M -e boot -e var/lib/docker -e $PLATFORM_DIR
+## Reduce /boot permission
+sudo chmod -R go-wx $FILESYSTEM_ROOT/boot
+
 # Ensure admin gid is 1000
 gid_user=$(sudo LANG=C chroot $FILESYSTEM_ROOT id -g $USERNAME) || gid_user="none"
 if [ "${gid_user}" != "1000" ]; then
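Review bot: The added `sudo chmod -R go-wx $FILESYSTEM_ROOT/boot` tightens /boot, while the title, description and verification step (`ls -a /root`, 744 via chroot) all describe /root, so the hardening the record claims is not what the new lines perform. If /root was the intended target, a chmod at this position would presumably be too late: it follows `mksquashfs`, which has already packed everything except `boot`, `var/lib/docker` and `$PLATFORM_DIR`. If /boot is the intended target, the comment should say so and explain the placement, for example `## Restrict group/other write+execute on /boot (excluded from the squashfs above)`, and the verification step should check the boot directory instead. Independently, the expansion is safer written as `sudo chmod -R go-wx "${FILESYSTEM_ROOT:?}/boot"`, so that an empty or unset variable aborts instead of pointing the recursive chmod at the build host's own /boot.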