Prepend "list " to the command logged when "sudo -l command" is

used to make it clear that the command was listed, not run.

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 4453dcfef17e693d7a2e5a1f675f114cb59757b7..d550d5030482e80ac117e33953905608f41d3343 100644 (file)
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -630,7 +630,10 @@ new_logline(const char *message, int serrno)
        len += sizeof(LL_ENV_STR) + 2 + evlen;
     }
     if (user_cmnd != NULL) {
+       /* Note: we log "sudo -l command arg ..." as "list command arg ..." */
        len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
+       if (ISSET(sudo_mode, MODE_CHECK))
+           len += sizeof("list ") - 1;
        if (user_args != NULL)
            len += strlen(user_args) + 1;
     }
@@ -685,8 +688,11 @@ new_logline(const char *message, int serrno)
        efree(evstr);
     }
     if (user_cmnd != NULL) {
-       if (strlcat(line, LL_CMND_STR, len) >= len ||
-           strlcat(line, user_cmnd, len) >= len)
+       if (strlcat(line, LL_CMND_STR, len) >= len)
+           goto toobig;
+       if (ISSET(sudo_mode, MODE_CHECK) && strlcat(line, "list ", len) >= len)
+           goto toobig;
+       if (strlcat(line, user_cmnd, len) >= len)
            goto toobig;
        if (user_args != NULL) {
            if (strlcat(line, " ", len) >= len ||