From d486db46cf25f09b19aeb9109d58531f3a3d2d33 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 25 Jul 2023 13:56:08 -0600
Subject: [PATCH] Fix user warning message for "sudo -l command" when not allowed. Reported by the sudo-rs project. There was a missing space between "list" and the actual command. This also changes the output to include the command as specified by the user, not the path found in the path. Previously, if the command did not exist it would not be included in the message.
---
 plugins/sudoers/logging.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 103dc6c8a..23537ae5b 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -321,9 +321,17 @@ log_denial(unsigned int status, bool inform_user)
 sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run "
 "sudo on %s.\n"), user_name, user_srunhost);
 } else {
+ const char *cmnd1 = user_cmnd;
+ const char *cmnd2 = "";
+
+ if (ISSET(sudo_mode, MODE_CHECK)) {
+ /* For "sudo -l command" the command run is in NewArgv[1]. */
+ cmnd1 = "list ";
+ cmnd2 = NewArgv[1];
+ }
 sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed "
 "to execute '%s%s%s%s' as %s%s%s on %s.\n"),
- user_name, user_cmnd, list_cmnd ? list_cmnd : "",
+ user_name, cmnd1, cmnd2,
 user_args ? " " : "", user_args ? user_args : "",
 list_pw ? list_pw->pw_name : runas_pw ?
 runas_pw->pw_name : user_name, runas_gr ? ":" : "",
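Review bot: `cmnd2 = NewArgv[1];` is handed straight to a `%s` conversion, while the line it replaces guarded its value with `list_cmnd ? list_cmnd : ""`. Nothing visible in the hunk shows that MODE_CHECK guarantees a second argv element, so either state that invariant in the comment or keep the defensive form: `cmnd2 = NewArgv[1] != NULL ? NewArgv[1] : "";`. The denial message now echoes the command exactly as the user typed it, so it may differ from the resolved path recorded elsewhere; that appears to be intended per the commit message, but a short comment such as `/* shown as typed, not the resolved path */` would help anyone correlating this output with log entries. log_denial() begins and ends outside the hunk.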