Log the runcwd not submitcwd in the sudo-style log file.

The log entry should reflect the working directory the command
actually ran in.

logsrvd/eventlog.c

@@ -114,7 +114,7 @@ new_logline(const char *message, const char *errstr,
 	len += strlen(errstr) + 3;
     len += sizeof(LL_HOST_STR) + 2 + strlen(details->submithost);
     len += sizeof(LL_TTY_STR) + 2 + strlen(details->ttyname);
-    len += sizeof(LL_CWD_STR) + 2 + strlen(details->cwd);
+    len += sizeof(LL_CWD_STR) + 2 + strlen(details->runcwd);
     if (details->runuser != NULL)
 	len += sizeof(LL_USER_STR) + 2 + strlen(details->runuser);
     if (details->rungroup != NULL)
@@ -175,7 +175,7 @@ new_logline(const char *message, const char *errstr,
 	strlcat(line, " ; ", len) >= len)
 	goto toobig;
     if (strlcat(line, LL_CWD_STR, len) >= len ||
-	strlcat(line, details->cwd, len) >= len ||
+	strlcat(line, details->runcwd, len) >= len ||
 	strlcat(line, " ; ", len) >= len)
 	goto toobig;
     if (details->runuser != NULL) {

logsrvd/iolog_writer.c

@@ -422,6 +422,14 @@ iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time,
 	    goto done;
 	}
     }
+    if (details->runcwd == NULL) {
+	if ((details->runcwd = strdup(details->cwd)) == NULL) {
+	    sudo_debug_printf(
+		SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+		"strdup");
+	    goto done;
+	}
+    }
     if (details->submitgroup == NULL) {
 	/* TODO: make submitgroup required */
 	if ((details->submitgroup = strdup("unknown")) == NULL) {

plugins/sudoers/logging.c

@@ -978,7 +978,7 @@ new_logline(const char *message, const char *errstr)
     if (errstr != NULL)
 	len += strlen(errstr) + 3;
     len += sizeof(LL_TTY_STR) + 2 + strlen(user_tty);
-    len += sizeof(LL_CWD_STR) + 2 + strlen(user_cwd);
+    len += sizeof(LL_CWD_STR) + 2 + strlen(user_runcwd);
     if (runas_pw != NULL)
 	len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
     if (runas_gr != NULL)
@@ -1033,7 +1033,7 @@ new_logline(const char *message, const char *errstr)
 	strlcat(line, " ; ", len) >= len)
 	goto toobig;
     if (strlcat(line, LL_CWD_STR, len) >= len ||
-	strlcat(line, user_cwd, len) >= len ||
+	strlcat(line, user_runcwd, len) >= len ||
 	strlcat(line, " ; ", len) >= len)
 	goto toobig;
     if (runas_pw != NULL) {

plugins/sudoers/policy.c

@@ -476,6 +476,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	if ((user_cwd = strdup("unknown")) == NULL)
 	    goto oom;
     }
+    if (user_runcwd == NULL) {
+	if ((user_runcwd = strdup(user_cwd)) == NULL)
+	    goto oom;
+    }
     if (user_tty == NULL) {
 	if ((user_tty = strdup("unknown")) == NULL)
 	    goto oom;

plugins/sudoers/sudoers.c

@@ -405,9 +405,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	    goto bad;
 	}
 	free(def_runchroot);
-	def_runchroot = user_runchroot;
+	if ((def_runchroot = strdup(user_runchroot)) == NULL) {
+	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+	    goto done;
+	}
     }
-    if (user_runcwd != NULL) {
+    if (strcmp(user_cwd, user_runcwd) != 0) {
 	if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) {
 	    audit_failure(NewArgv,
 		N_("user not allowed to change directory to %s"), user_runcwd);
@@ -415,7 +418,10 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	    goto bad;
 	}
 	free(def_runcwd);
-	def_runcwd = user_runcwd;
+	if ((def_runcwd = strdup(user_runcwd)) == NULL) {
+	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+	    goto done;
+	}
     }
 
     /*

plugins/sudoers/sudoers.h

@@ -82,6 +82,7 @@ struct sudo_user {
     struct passwd *_runas_pw;
     struct group *_runas_gr;
     struct stat *cmnd_stat;
+    char *cwd;
     char *name;
     char *path;
     char *tty;
@@ -109,7 +110,6 @@ struct sudo_user {
     char *privs;
     char *limitprivs;
 #endif
-    const char *cwd;
     char *iolog_file;
     GETGROUPS_T *gids;
     int   execfd;