Save the initial command run via sudo and use it when logging exit status.

Otherwise, if we are in intercept mode or logging sub-commands the exit status will be logged with the wrong command.
2022-06-30 11:10:43 -06:00
parent 3badff39ca
commit 885abf48d7
5 changed files with 33 additions and 12 deletions
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -208,7 +208,7 @@ audit_to_eventlog(struct eventlog *evlog, char * const command_info[],
    debug_decl(audit_to_eventlog, SUDOERS_DEBUG_PLUGIN);

    /* Fill in evlog from sudoers Defaults, run_argv and run_envp. */
-    sudoers_to_eventlog(evlog, run_argv, run_envp, uuid_str);
+    sudoers_to_eventlog(evlog, NULL, run_argv, run_envp, uuid_str);

    /* Update iolog and execution environment from command_info[]. */
    if (command_info != NULL) {