Hardening: Declare content of /usr/lib/grub as firmware files

Message ID 20230328085521.92868-1-stefan.schantl@ipfire.org
State Accepted
Commit 0e3f8ea032583ef8c3900e83678931429abc9e64
Series Hardening: Declare content of /usr/lib/grub as firmware files

Commit Message

Stefan Schantl March 28, 2023, 8:55 a.m. UTC
This folder contains the necessary files, which are written to
the MBR, dealing with EFI, or loading additional required grub
modules unless the whole grub menu can be displayed or a selected
OS will start up.

Some of these files are 32bit ELF files or do not have SSP etc.

So I would suggest to mark them as firmware files and therefore
skip some of the hardening tests.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 src/libpakfire/file.c | 1 +
 1 file changed, 1 insertion(+)
  

Patch

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 33e26fea..819587ef 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1509,6 +1509,7 @@  static const struct pattern {
 	{ "*.pm", PAKFIRE_FILE_PERL },
 	{ "*.pc", PAKFIRE_FILE_PKGCONFIG },
 	{ "/usr/lib/firmware/*", PAKFIRE_FILE_FIRMWARE },
+	{ "/usr/lib/grub/*", PAKFIRE_FILE_FIRMWARE },
 	{ "/usr/lib*/ld-*.so*", PAKFIRE_FILE_RUNTIME_LINKER },
 	{ NULL },
 };
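
Review bot: the new "/usr/lib/grub/*" entry exempts everything under that directory from the hardening checks that PAKFIRE_FILE_FIRMWARE files skip, and nothing in the table records why. A short comment above the entry, saying these are GRUB boot images and modules (some 32-bit ELF, some built without SSP, per the commit message), would keep the exemption from being read later as a plain path rule and would make it easier to revisit if host-executable tools ever land in that directory. Two things to confirm before merging: whether the matcher used for this table lets "*" cross "/" so that files in subdirectories of /usr/lib/grub are actually covered, and whether the prefix should follow the "/usr/lib*/..." form used by the runtime linker entry directly below, in case a supported layout installs GRUB under a lib64-style path.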