From 383e0c860ba3af0712fcfc504ebe6558680453e7 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 27 Jul 2012 16:22:09 -0400
Subject: [PATCH] Fix printing of the permission denied message to standard
 error when a user is not allowed to run a command.  This got broken by the
 recent logging changes.

---
 plugins/sudoers/logging.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 239a60436..8ad8e5cb6 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -310,7 +310,7 @@ void
 log_failure(int status, int flags)
 {
     debug_decl(log_failure, SUDO_DEBUG_LOGGING)
-    bool inform_user;
+    bool inform_user = true;
 
     /* Handle auditing first. */
     if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
@@ -319,7 +319,9 @@ log_failure(int status, int flags)
 	audit_failure(NewArgv, _("validation failure"));
 
     /* The user doesn't always get to see the log message (path info). */
-    inform_user = def_path_info && (flags == NOT_FOUND_DOT || flags == NOT_FOUND);
+    if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
+	(flags == NOT_FOUND_DOT || flags == NOT_FOUND))
+	inform_user = false;
     log_denial(status, inform_user);
 
     if (!inform_user) {
-- 
2.40.0