From 2c163bf4398d67730efb23d70e2f9fc41ebb0459 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 02:39:53 -0500
Subject: [PATCH] check string length of permission variable

https://forums.whonix.org/t/kernel-hardening/7296/322
---
 usr/lib/security-misc/permission-hardening | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 107ea11..2adc043 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -25,7 +25,14 @@ add_statoverride_entry() {
       fi
 
       if test -u "${file_name}" || test -g "${file_name}"; then
-        echo "suid - file_name: '${file_name}' | existing_mode: '${existing_mode}' | existing_mode:1: '${existing_mode:1}'"
+        string_length_of_existing_mode="${#existing_mode}"
+        if [ "$string_length_of_existing_mode" = "4" ]; then
+          newmode="${existing_mode:1}"
+        else
+          newmode="${existing_mode}"
+        fi
+
+        echo "suid - file_name: '${file_name}' | existing_mode: '${existing_mode}' | newmode: '$newmode'"
 
         if dpkg-statoverride --list | grep -q "${file_name}"; then
           if ! dpkg-statoverride --list | grep -q "${owner} ${group} ${existing_mode:1} ${file_name}"; then