From f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed, 16 Oct 2019 15:39:23 +0000
Subject: [PATCH] Restrict sysfs/cpuinfo if the whitelist is disabled
---
 usr/lib/security-misc/hide-hardware-info | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/usr/lib/security-misc/hide-hardware-info b/usr/lib/security-misc/hide-hardware-info
index 0875ddb..6641c18 100755
--- a/usr/lib/security-misc/hide-hardware-info
+++ b/usr/lib/security-misc/hide-hardware-info
@@ -45,6 +45,7 @@ do
 if [ "${sysfs_whitelist}" = "1" ]; then
 create_whitelist sysfs
 else
+ chmod og-rwx /sys
 echo "INFO: The sysfs whitelist is not enabled. Some things may not work properly."
 fi
 elif [ "${i}" = "/proc/cpuinfo" ]; then
@@ -52,6 +53,7 @@ do
 if [ "${cpuinfo_whitelist}" = "1" ]; then
 create_whitelist cpuinfo
 else
+ chmod og-rwx /proc/cpuinfo
 echo "INFO: The cpuinfo whitelist is not enabled. Some things may not work properly."
 fi
 else
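Review bot: The added `chmod og-rwx /sys` in the `else` branch is not checked, so if it fails the script goes on to print the unchanged INFO line and the restriction is silently missing, unless `set -e` is enabled outside this hunk, which is not visible here. I would report the failure explicitly, e.g. `chmod og-rwx /sys || echo "ERROR: Could not restrict /sys." >&2`. The INFO text should also say what was done, for example `echo "INFO: The sysfs whitelist is not enabled; /sys is now accessible by root only. Some things may not work properly."`, because the current wording does not tell an administrator why non-root services lost access. The same two points apply to `chmod og-rwx /proc/cpuinfo` in the second hunk. The enclosing `do` loop and `if` chain begin and end outside the hunk.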
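Review bot: The new `chmod og-rwx /proc/cpuinfo` line has no comment stating what it does and does not protect, and the neighbouring echo only mentions the whitelist. I would add above it `# No whitelist: make /proc/cpuinfo readable by root only. The mode is not persistent (procfs), so this has to be applied on every boot.` and a second line `# Hardening against casual fingerprinting only; CPU details remain obtainable through other interfaces.` Whether the script is actually run at each boot is not visible from this hunk, so that part of the comment should be confirmed against the unit or hook that invokes it.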