From b3458cc6ee368968de1510e9d05ddd3791fe5f6d Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 10:45:59 -0500
Subject: [PATCH] fix checking existing entries to avoid needless calls to dpkg-statoverride
---
 usr/lib/security-misc/permission-hardening | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index a2b98ca..85cf3b9 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -198,10 +198,17 @@ set_file_perms() {
 continue
 fi

+ mode_for_grep="$mode_from_config"
+ first_character_of_mode_from_config="${mode_from_config::1}"
+ if [ "$first_character_of_mode_from_config" = "0" ]; then
+ ## Remove leading '0'.
+ mode_for_grep="${mode_from_config:1}"
+ fi
+
 ## Check there is an entry for the fso.
 if dpkg-statoverride --list | grep -q "$fso_without_trailing_slash"; then
 ## There is an fso entry. Check if owner/group/mode match.
- if dpkg-statoverride --list | grep -q "$owner $group $mode_from_config $fso_without_trailing_slash"; then
+ if dpkg-statoverride --list | grep -q "$owner $group $mode_for_grep $fso_without_trailing_slash"; then
 ## The owner/group/mode matches. No further action required.
 true OK
 else
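Review bot: The rewritten comparison on the added `if dpkg-statoverride --list | grep -q "$owner $group $mode_for_grep $fso_without_trailing_slash"` line still uses the entry as an unanchored regular expression, so a path that is a prefix of another overridden path, or one containing `.`, can match a different line of the list. The script would then treat the file as already hardened and skip it, which is a fail-open result for a permission-hardening tool. Matching the whole line as a fixed string closes that gap: `if dpkg-statoverride --list | grep -qxF -- "$owner $group $mode_for_grep $fso_without_trailing_slash"; then`, assuming the list output is exactly these four space-separated fields. The existence check two lines above has the same unanchored match, and the new block strips only a single leading `0`, which deserves a comment such as `## dpkg-statoverride --list prints the mode without a leading zero.` if that is the reason. set_file_perms begins and ends outside this hunk.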