From a1e78e8515a87ebc8fc2211b3e1e91824fd3865a Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 23 Dec 2019 01:20:56 -0500
Subject: [PATCH] fix needlessly re-adding entries
---
 usr/lib/security-misc/permission-hardening | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 1b8046d..5a02e07 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -339,9 +339,15 @@ set_file_perms() {
 ## root root 755 /home
 ##
 ## dpkg-statoverride does not show leading '0'.
- if dpkg-statoverride --list "$fso_without_trailing_slash" >/dev/null ; then
+ local dpkg_statoverride_list_output=""
+ local dpkg_statoverride_list_exit_code=0
+ dpkg_statoverride_list_output="$(dpkg-statoverride --list "$fso_without_trailing_slash")" || { dpkg_statoverride_list_exit_code=$? ; true; };
+
+ if [ "$dpkg_statoverride_list_exit_code" = "0" ]; then
 true "There is an fso entry. Check if owner/group/mode match."
- if dpkg-statoverride --list | grep -q "$owner_from_config $group_from_config $mode_for_grep $fso_without_trailing_slash" ; then
+ local grep_line
+ grep_line="$owner_from_config $group_from_config $mode_for_grep $fso_without_trailing_slash"
+ if echo "$dpkg_statoverride_list_output" | grep -q "$grep_line" ; then
 true "OK The owner/group/mode matches. No further action required."
 else
 true "The owner/group/mode do not match, therefore remove and re-add the entry to update it."
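Review bot: The added `grep -q "$grep_line"` test still treats `grep_line` as an unanchored regular expression, so a `.` in the path matches any character and a line that merely contains the expected text (a longer owner name, a longer path) also counts as a match. A false match takes the "No further action required" branch and leaves an override with the wrong owner, group or mode in place, which defeats the purpose of the hardening pass. Compare the whole line as a fixed string instead, assuming the tool prints no trailing whitespace: `if printf '%s\n' "$dpkg_statoverride_list_output" | grep -qxF -- "$grep_line" ; then`. Separately, every non-zero status from `dpkg-statoverride --list` is folded into "no entry"; if the tool reports real errors with a distinct status (worth confirming), that case deserves its own branch and a log line. `set_file_perms` begins and ends outside this hunk, so the no-entry path is not visible here.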