Replace '/' with '_' in paths using the user, group, host or command.

millert · millert · commit 186f94507f12 · 2025-11-11T16:04:53.000-07:00
This is consistent with how the sudoers I/O logging module works. Also make %{command} expand to the command's basename to match the sudo I/O logging module. Found by the ZeroPath AI Security Engineer <https://zeropath.com>
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
@@ -486,7 +486,7 @@ fill_user(char * restrict str, size_t strsize, void * restrict v)
 	sudo_warnx(U_("%s: %s is not set"), __func__, "submituser");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->submituser, strsize));
+    debug_return_size_t(strlcpy_no_slash(str, evlog->submituser, strsize));
 }
 
 static size_t
@@ -500,7 +500,7 @@ fill_group(char * restrict str, size_t strsize, void * restrict v)
 	sudo_warnx(U_("%s: %s is not set"), __func__, "submitgroup");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->submitgroup, strsize));
+    debug_return_size_t(strlcpy_no_slash(str, evlog->submitgroup, strsize));
 }
 
 static size_t
@@ -514,7 +514,7 @@ fill_runas_user(char * restrict str, size_t strsize, void * restrict v)
 	sudo_warnx(U_("%s: %s is not set"), __func__, "runuser");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->runuser, strsize));
+    debug_return_size_t(strlcpy_no_slash(str, evlog->runuser, strsize));
 }
 
 static size_t
@@ -529,7 +529,7 @@ fill_runas_group(char * restrict str, size_t strsize, void * restrict v)
 	sudo_warnx(U_("%s: %s is not set"), __func__, "rungroup");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->rungroup, strsize));
+    debug_return_size_t(strlcpy_no_slash(str, evlog->rungroup, strsize));
 }
 
 static size_t
@@ -543,21 +543,23 @@ fill_hostname(char * restrict str, size_t strsize, void * restrict v)
 	sudo_warnx(U_("%s: %s is not set"), __func__, "submithost");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->submithost, strsize));
+    debug_return_size_t(strlcpy_no_slash(str, evlog->submithost, strsize));
 }
 
 static size_t
 fill_command(char * restrict str, size_t strsize, void * restrict v)
 {
     struct iolog_path_closure *closure = v;
     const struct eventlog *evlog = closure->evlog;
+    const char *cmnd_base;
     debug_decl(fill_command, SUDO_DEBUG_UTIL);
 
     if (evlog->command == NULL) {
 	sudo_warnx(U_("%s: %s is not set"), __func__, "command");
 	debug_return_size_t(strsize);
     }
-    debug_return_size_t(strlcpy(str, evlog->command, strsize));
+    cmnd_base = sudo_basename(evlog->command);
+    debug_return_size_t(strlcpy_no_slash(str, cmnd_base, strsize));
 }
 
 /* Note: "seq" must be first in the list. */

Original file line number	Diff line number	Diff line change
`@@ -486,7 +486,7 @@ fill_user(char * restrict str, size_t strsize, void * restrict v)`
`486`	`486`	`sudo_warnx(U_("%s: %s is not set"), __func__, "submituser");`
`487`	`487`	`debug_return_size_t(strsize);`
`488`	`488`	`}`
`489`		`- debug_return_size_t(strlcpy(str, evlog->submituser, strsize));`
	`489`	`+ debug_return_size_t(strlcpy_no_slash(str, evlog->submituser, strsize));`
`490`	`490`	`}`
`491`	`491`
`492`	`492`	`static size_t`
`@@ -500,7 +500,7 @@ fill_group(char * restrict str, size_t strsize, void * restrict v)`
`500`	`500`	`sudo_warnx(U_("%s: %s is not set"), __func__, "submitgroup");`
`501`	`501`	`debug_return_size_t(strsize);`
`502`	`502`	`}`
`503`		`- debug_return_size_t(strlcpy(str, evlog->submitgroup, strsize));`
	`503`	`+ debug_return_size_t(strlcpy_no_slash(str, evlog->submitgroup, strsize));`
`504`	`504`	`}`
`505`	`505`
`506`	`506`	`static size_t`
`@@ -514,7 +514,7 @@ fill_runas_user(char * restrict str, size_t strsize, void * restrict v)`
`514`	`514`	`sudo_warnx(U_("%s: %s is not set"), __func__, "runuser");`
`515`	`515`	`debug_return_size_t(strsize);`
`516`	`516`	`}`
`517`		`- debug_return_size_t(strlcpy(str, evlog->runuser, strsize));`
	`517`	`+ debug_return_size_t(strlcpy_no_slash(str, evlog->runuser, strsize));`
`518`	`518`	`}`
`519`	`519`
`520`	`520`	`static size_t`
`@@ -529,7 +529,7 @@ fill_runas_group(char * restrict str, size_t strsize, void * restrict v)`
`529`	`529`	`sudo_warnx(U_("%s: %s is not set"), __func__, "rungroup");`
`530`	`530`	`debug_return_size_t(strsize);`
`531`	`531`	`}`
`532`		`- debug_return_size_t(strlcpy(str, evlog->rungroup, strsize));`
	`532`	`+ debug_return_size_t(strlcpy_no_slash(str, evlog->rungroup, strsize));`
`533`	`533`	`}`
`534`	`534`
`535`	`535`	`static size_t`
`@@ -543,21 +543,23 @@ fill_hostname(char * restrict str, size_t strsize, void * restrict v)`
`543`	`543`	`sudo_warnx(U_("%s: %s is not set"), __func__, "submithost");`
`544`	`544`	`debug_return_size_t(strsize);`
`545`	`545`	`}`
`546`		`- debug_return_size_t(strlcpy(str, evlog->submithost, strsize));`
	`546`	`+ debug_return_size_t(strlcpy_no_slash(str, evlog->submithost, strsize));`
`547`	`547`	`}`
`548`	`548`
`549`	`549`	`static size_t`
`550`	`550`	`fill_command(char * restrict str, size_t strsize, void * restrict v)`
`551`	`551`	`{`
`552`	`552`	`struct iolog_path_closure *closure = v;`
`553`	`553`	`const struct eventlog *evlog = closure->evlog;`
	`554`	`+ const char *cmnd_base;`
`554`	`555`	`debug_decl(fill_command, SUDO_DEBUG_UTIL);`
`555`	`556`
`556`	`557`	`if (evlog->command == NULL) {`
`557`	`558`	`sudo_warnx(U_("%s: %s is not set"), __func__, "command");`
`558`	`559`	`debug_return_size_t(strsize);`
`559`	`560`	`}`
`560`		`- debug_return_size_t(strlcpy(str, evlog->command, strsize));`
	`561`	`+ cmnd_base = sudo_basename(evlog->command);`
	`562`	`+ debug_return_size_t(strlcpy_no_slash(str, cmnd_base, strsize));`
`561`	`563`	`}`
`562`	`564`
`563`	`565`	`/* Note: "seq" must be first in the list. */`