Call PyImport_AppendInittab after pre-initialization.

Also remove redundant PyConfig settings.

plugins/python/python_plugin_common.c

@@ -366,21 +366,28 @@ _python_plugin_register_plugin_in_py_ctx(void)
     debug_decl(_python_plugin_register_plugin_in_py_ctx, PYTHON_DEBUG_PLUGIN_LOAD);
 
     if (!Py_IsInitialized()) {
-        if (_save_inittab() != SUDO_RC_OK)
-            debug_return_int(SUDO_RC_ERROR);
-        PyImport_AppendInittab("sudo", sudo_module_init);
-
         // Disable environment variables effecting the python interpreter
         // This is important since we are running code here as root, the
         // user should not be able to alter what is running any how.
 #if (PY_MAJOR_VERSION > 3) || (PY_MINOR_VERSION >= 8)
 	PyStatus status;
+	PyPreConfig preconfig;
 	PyConfig config;
 
+	PyPreConfig_InitPythonConfig(&preconfig);
+	preconfig.isolated = 1;
+	preconfig.use_environment = 0;
+	status = Py_PreInitialize(&preconfig);
+	if (PyStatus_Exception(status))
+            debug_return_int(SUDO_RC_ERROR);
+
+	/* Inittab changes happen after pre-init but before init. */
+        if (_save_inittab() != SUDO_RC_OK)
+            debug_return_int(SUDO_RC_ERROR);
+        PyImport_AppendInittab("sudo", sudo_module_init);
+
 	PyConfig_InitPythonConfig(&config);
 	config.isolated = 1;
-	config.use_environment = 0;
-	config.user_site_directory = 0;
 	status = Py_InitializeFromConfig(&config);
 	PyConfig_Clear(&config);
 	if (PyStatus_Exception(status))
@@ -390,6 +397,9 @@ _python_plugin_register_plugin_in_py_ctx(void)
         Py_IsolatedFlag = 1;
         Py_NoUserSiteDirectory = 1;
 
+        if (_save_inittab() != SUDO_RC_OK)
+            debug_return_int(SUDO_RC_ERROR);
+        PyImport_AppendInittab("sudo", sudo_module_init);
         Py_InitializeEx(0);
 #endif
         py_ctx.py_main_interpreter = PyThreadState_Get();