
Commit 2b87749

committed
Only log the run environment for commands that are allowed.
It may not be available otherwise and unless the command is being run it has no real meaning.
1 parent 0778262 commit 2b87749

2 files changed

Lines changed: 6 additions & 8 deletions


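--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -418,8 +418,7 @@ sudoers_audit_reject(const char *plugin_name, unsigned int plugin_type,
 ret = false;
 }
 
-audit_to_eventlog(ctx, &evlog, command_info, ctx->runas.argv, env_get(),
-NULL);
+audit_to_eventlog(ctx, &evlog, command_info, ctx->runas.argv, NULL, NULL);
 if (!eventlog_reject(&evlog, 0, message, NULL, NULL))
 ret = false;
 
@@ -453,8 +452,7 @@ sudoers_audit_error(const char *plugin_name, unsigned int plugin_type,
 debug_return_bool(false);
 }
 
-audit_to_eventlog(ctx, &evlog, command_info, ctx->runas.argv, env_get(),
-NULL);
+audit_to_eventlog(ctx, &evlog, command_info, ctx->runas.argv, NULL, NULL);
 if (!eventlog_alert(&evlog, 0, &now, message, NULL))
 ret = false;
 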
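Review bot: The new `audit_to_eventlog(ctx, &evlog, command_info, ctx->runas.argv, NULL, NULL);` calls in sudoers_audit_reject() and sudoers_audit_error() pass two bare `NULL`s, so a reader cannot tell which one is the run environment or why it is omitted; that reasoning exists only in the commit message. I would add a one-line comment above each call, for example `/* No run environment: the command is not being run. */`, and the same applies to the `sudoers_to_eventlog()` calls changed in plugins/sudoers/logging.c. The definition of audit_to_eventlog() is not part of this diff, so it is worth confirming that it and the event log writers behind eventlog_reject() and eventlog_alert() accept a NULL environment vector. Reject and error records will presumably no longer carry the environment, so any log consumer or alerting rule that reads that field on those event types should be checked. Both functions start and end outside the hunks shown.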

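--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -267,7 +267,7 @@ log_reject(const struct sudoers_context *ctx, const char *message,
 SET(evl_flags, EVLOG_MAIL_ONLY);
 }
 sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
-env_get(), uuid_str);
+NULL, uuid_str);
 ret = eventlog_reject(&evlog, evl_flags, message, NULL, NULL);
 if (!log_server_reject(ctx, &evlog, message))
 ret = false;
@@ -636,7 +636,7 @@ log_exit_status(const struct sudoers_context *ctx, int status)
 sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 
 sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd_saved,
-ctx->runas.argv_saved, env_get(), ctx->uuid_str);
+ctx->runas.argv_saved, NULL, ctx->uuid_str);
 if (def_mail_always) {
 SET(evl_flags, EVLOG_MAIL);
 if (!def_log_exit_status)
@@ -740,7 +740,7 @@ vlog_warning(const struct sudoers_context *ctx, unsigned int flags,
 SET(evl_flags, EVLOG_MAIL_ONLY);
 }
 sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
-env_get(), ctx->uuid_str);
+NULL, ctx->uuid_str);
 if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
 ret = false;
 if (!log_server_alert(ctx, &evlog, &now, message, errstr))
@@ -860,7 +860,7 @@ mail_parse_errors(const struct sudoers_context *ctx)
 goto done;
 }
 sudoers_to_eventlog(ctx, &evlog, ctx->runas.cmnd, ctx->runas.argv,
-NULL, ctx->uuid_str);
+env_get(), ctx->uuid_str);
 
 /* Convert parse_error_list to a string vector. */
 n = 0;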
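Review bot: The log_exit_status() hunk also drops the environment, although an exit status is only logged for a command that was allowed and has run, which is the one case the commit title says should still be logged. If the intent is that the accept record already carries the run environment and the exit record can be matched to it through `ctx->uuid_str`, a comment above the call would make that explicit, for example `/* Run environment is logged with the accept event; not repeated here. */`. That intent is inferred, since the accept path is not part of this diff, so it should be confirmed before anyone relies on exit records alone for reconstruction. The other three calls (log_reject, vlog_warning, mail_parse_errors) match the stated purpose. All four functions continue outside the hunks shown.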
