From a32a54dced422b9b40970b182646c16e40c82fa9 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 25 Jan 2023 10:31:49 -0700
Subject: [PATCH] Correct error message when command doesn't exist in intercept mode. Previously, we would always use EACCES, even when ENOENT was appropriate. This also affected log_subcmds.
---
 src/exec_intercept.c | 2 +-
 src/exec_ptrace.c | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/exec_intercept.c b/src/exec_intercept.c
index 09ca2378f..184612449 100644
--- a/src/exec_intercept.c
+++ b/src/exec_intercept.c
@@ -407,7 +407,7 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
 */
 if (stat(command, &sb) == -1) {
 closure->errstr = NULL;
- closure->state = POLICY_REJECT;
+ closure->state = POLICY_ERROR;
 goto done;
 }
diff --git a/src/exec_ptrace.c b/src/exec_ptrace.c
index 379027618..9b3dafb75 100644
--- a/src/exec_ptrace.c
+++ b/src/exec_ptrace.c
@@ -1920,9 +1920,12 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure)
 }
 }
 break;
- default:
+ case POLICY_REJECT:
 /* If rejected, fake the syscall and set return to EACCES */
- ptrace_fail_syscall(pid, ®s, EACCES);
+ errno = EACCES;
+ FALLTHROUGH;
+ default:
+ ptrace_fail_syscall(pid, ®s, errno);
 break;
 }
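Review bot: In the stat() failure branch of intercept_check_policy, errno becomes the only record of why the check failed, because `closure->errstr` is set to NULL and the state is now POLICY_ERROR, yet nothing preserves it across `goto done`. The code at the `done:` label is outside the hunk, so it may make calls that overwrite errno; if it does, the ptrace path in exec_ptrace.c would appear to hand the intercepted process an unrelated error code. I would capture the value right after the failed call with `int saved_errno = errno;` and restore it just before returning, or at least add `/* errno from stat() is used by the caller to fail the exec; keep it intact until return */`. The function begins and ends outside the hunk.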
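Review bot: The new `default:` branch in ptrace_intercept_execve passes whatever errno currently holds to ptrace_fail_syscall() for every state not handled by an earlier case, not only the stat() failure this commit targets. If errno is 0 or stale at that point the traced process gets a misleading result, and what ptrace_fail_syscall() does with a zero value is not visible here, so a fallback that keeps the previous fail-closed code is safer: pass `errno != 0 ? errno : EACCES` as the last argument. The branch also has no comment of its own now that the existing one sits under `case POLICY_REJECT:`; `/* Policy error: fail the syscall with the errno left by the policy check */` would document the dependency. The switch begins outside the hunk.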