Must call audit_success before we change uids.

author Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)
diff --git a/sudo.c b/sudo.c

index 1f4f236e311b00a14fe783ae9ca8d7c3dbcd7ddf..a3594b215e4c87b6c12725bdb0af77b0a4bb763f 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -482,6 +482,9 @@ main(argc, argv, envp)
         (void) setrlimit(RLIMIT_CORE, &corelimit);
  #endif /* RLIMIT_CORE && !SUDO_DEVEL */
  
+       /* Must audit before uid change. */
+       audit_success(NewArgv);
+
         /* Become specified user or root if executing a command. */
         if (ISSET(sudo_mode, MODE_RUN))
             set_perms(PERM_FULL_RUNAS);
@@ -529,7 +532,6 @@ main(argc, argv, envp)
  #ifndef PROFILING
         if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) {
             syslog(LOG_AUTH|LOG_ERR, "fork");
-           audit_success(NewArgv);
             exit(0);
         } else {
  #ifdef HAVE_SELINUX
@@ -537,7 +539,6 @@ main(argc, argv, envp)
                 selinux_exec(user_role, user_type, NewArgv,
                     ISSET(sudo_mode, MODE_LOGIN_SHELL));
  #endif
-           audit_success(NewArgv);
             execv(safe_cmnd, NewArgv);
         }
  #else
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 10 May 2009 11:59:53 +0000 (11:59 +0000)