From 3921846df6e21a80d87f451e89f96f5b3092dd53 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sat, 21 Dec 2019 14:36:42 -0500
Subject: [PATCH] comment
---
 usr/lib/security-misc/permission-hardening | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 264a370..8e541ff 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -200,9 +200,9 @@ add_nosuid_statoverride_entry() {
 echo_wrapper_silent_audit dpkg-statoverride $dpkg_admindir_parameter_new_mode --add "$existing_owner" "$existing_group" "$new_mode" "$file_name"
 fi

- ## /lib will hit ARG_MAX.
- ## That was before using '-perm /u=s,g=s'.
- ## https://forums.whonix.org/t/kernel-hardening/7296/326
+ ## /lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/lib/**'.
+ ## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
+ ## https://forums.whonix.org/t/disable-suid-binaries/7706/17
 done < <( find "$fso_to_process" -perm /u=s,g=s -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )

 ## Sanity test.
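Review bot: The rewritten comment explains the ARG_MAX reasoning but says nothing about how the `done < <( find … | xargs -I{} -0 stat -c "%n %a %U %G" {} )` line directly below it handles file names. The `-print0`/`-0` pair only protects the find-to-xargs hop; `stat` then prints the name as the first of four space-separated fields on a newline-terminated record. The loop that reads this output starts outside the hunk, but if it splits on whitespace, a SUID/SGID file whose name contains a space or newline would presumably shift the mode, owner and group fields that later reach `dpkg-statoverride`. I would at least document that next to the other comment lines, e.g. `## NOTE: stat output is parsed as whitespace-separated fields; file names containing spaces or newlines are not handled.`, and consider printing the name last or NUL-delimiting the records in a follow-up.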