Initialize the debug subsystem in sudoers early. Currently this

means iterating over the settings list twice.

plugins/sudoers/iolog.c

@@ -590,9 +590,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
     sudo_setpwent();
     sudo_setgrent();
 
-    /*
-     * Check for debug flags in settings list.
-     */
+    /* Initialize the debug subsystem.  */
     for (cur = settings; *cur != NULL; cur++) {
 	if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0) {
 	    sudoers_debug_parse_flags(&debug_files,

plugins/sudoers/policy.c

@@ -90,8 +90,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
     char * const *cur;
     const char *p, *errstr, *groups = NULL;
     const char *remhost = NULL;
-    const char *plugin_path = NULL;
-    struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files);
     int flags = 0;
     debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN, sudoers_debug_instance)
 
@@ -155,11 +153,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	    }
 	    continue;
 	}
-	if (MATCHES(*cur, "debug_flags=")) {
-	    sudoers_debug_parse_flags(&debug_files,
-		*cur + sizeof("debug_flags=") - 1);
-	    continue;
-	}
 	if (MATCHES(*cur, "runas_user=")) {
 	    *runas_user = *cur + sizeof("runas_user=") - 1;
 	    sudo_user.flags |= RUNAS_USER_SPECIFIED;
@@ -276,10 +269,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	    remhost = *cur + sizeof("remote_host=") - 1;
 	    continue;
 	}
-	if (MATCHES(*cur, "plugin_path=")) {
-	    plugin_path = *cur + sizeof("plugin_path=") - 1;
-	    continue;
-	}
     }
 
     for (cur = info->user_info; *cur != NULL; cur++) {
@@ -374,9 +363,6 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
     user_umask = umask(SUDO_UMASK);
     umask(user_umask);
 
-    /* Setup debugging if indicated. (XXX - do earlier) */
-    sudoers_debug_register(&debug_files, plugin_path);
-
     /* Dump settings and user info (XXX - plugin args) */
     for (cur = info->settings; *cur != NULL; cur++)
 	sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
@@ -537,7 +523,10 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
     sudo_printf_t plugin_printf, char * const settings[],
     char * const user_info[], char * const envp[], char * const args[])
 {
+    struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files);
     struct sudoers_policy_open_info info;
+    const char *plugin_path = NULL;
+    char * const *cur;
     debug_decl(sudoers_policy_open, SUDOERS_DEBUG_PLUGIN, sudoers_debug_instance)
 
     sudo_version = version;
@@ -548,6 +537,20 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
     if (sudo_version < SUDO_API_MKVERSION(1, 2))
 	args = NULL;
 
+    /* Initialize the debug subsystem.  */
+    for (cur = settings; *cur != NULL; cur++) {
+	if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0) {
+	    sudoers_debug_parse_flags(&debug_files,
+		*cur + sizeof("debug_flags=") - 1);
+	    continue;
+	}
+	if (strncmp(*cur, "plugin_path=", sizeof("plugin_path=") - 1) == 0) {
+	    plugin_path = *cur + sizeof("plugin_path=") - 1;
+	    continue;
+	}
+    }
+    sudoers_debug_register(&debug_files, plugin_path);
+
     /* Call the sudoers init function. */
     info.settings = settings;
     info.user_info = user_info;