From 1ffa8e197e9ba9722d5fb2695de343df9d9db597 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 10:31:26 -0500
Subject: [PATCH] speed up setuid removal by using find with '-perm /u=s,g=s'
https://forums.whonix.org/t/permission-hardening/8655/19
---
 usr/lib/security-misc/permission-hardening | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 302ccc9..a11ca77 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -18,7 +18,7 @@ echo_wrapper() {
 add_nosuid_statoverride_entry() {
 fso_to_process="${fso_without_trailing_slash}/"
- should_be_counter="$(find "$fso_to_process" | wc -l)"
+ should_be_counter="$(find "$fso_to_process" -perm /u=s,g=s | wc -l)"
 counter_actual=0
 while read -r line; do
@@ -119,7 +119,7 @@ add_nosuid_statoverride_entry() {
 ## /lib will hit ARG_MAX.
 ## https://forums.whonix.org/t/kernel-hardening/7296/326
- done < <( find "$fso_to_process" -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )
+ done < <( find "$fso_to_process" -perm /u=s,g=s -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )
 ## Sanity test.
 if [ ! "$should_be_counter" = "$counter_actual" ]; then
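Review bot: The `-perm /u=s,g=s` predicate is now written twice, in the `should_be_counter` line here and again in the `done < <( find … )` line of the second hunk, and the sanity test after the loop only holds while both select exactly the same set. Keeping the selection in one place stops a later edit to one of them from producing a spurious mismatch, for example `find_setid() { find "$fso_to_process" -perm /u=s,g=s "$@"; }` called as `find_setid | wc -l` and `find_setid -print0`. The tree is also still walked twice, so a file that gains or loses a set-id bit between the two walks (a package install running at the same time, say) changes one count and not the other. How the mismatch is handled is outside the hunk, as is most of the body of `add_nosuid_statoverride_entry`.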
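Review bot: The `stat -c "%n %a %U %G"` format on the changed `done < <( … )` line prints the path first and separates fields with spaces, so a path containing a space cannot be told apart from the mode, owner and group that follow it. The splitting of `line` happens in the loop body, which is outside this hunk, so this is inferred; if it splits on whitespace, putting the path last keeps the fixed fields parseable, e.g. `stat -c "%a %U %G %n"` consumed with `read -r mode owner group path`. Separately, `-perm /u=s,g=s` carries no `-type` test, so setgid directories are selected along with set-id executables; a comment such as `## NOTE: also matches setgid directories` above the `find` would make that explicit for the next reader.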