Use O_NOFOLLOW in places where we don't expect a symlink.

millert · millert · commit ce132896ac15 · 2026-02-06T19:56:42.000-07:00
This means things like the I/O log files and when we are
creating new files.
diff --git a/lib/iolog/iolog_loginfo.c b/lib/iolog/iolog_loginfo.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -49,14 +49,14 @@ iolog_parse_loginfo(int dfd, const char *iolog_dir)
     debug_decl(iolog_parse_loginfo, SUDO_DEBUG_UTIL);
 
     if (dfd == -1) {
-	if ((tmpfd = open(iolog_dir, O_RDONLY|O_DIRECTORY)) == -1) {
+	if ((tmpfd = open(iolog_dir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW)) == -1) {
 	    sudo_warn("%s", iolog_dir);
 	    goto bad;
 	}
 	dfd = tmpfd;
     }
-    if ((fd = openat(dfd, "log.json", O_RDONLY, 0)) == -1) {
-	fd = openat(dfd, "log", O_RDONLY, 0);
+    if ((fd = openat(dfd, "log.json", O_RDONLY|O_NOFOLLOW, 0)) == -1) {
+	fd = openat(dfd, "log", O_RDONLY|O_NOFOLLOW, 0);
 	legacy = true;
     }
     if (tmpfd != -1)
@@ -103,7 +103,7 @@ iolog_write_info_file_legacy(int dfd, struct eventlog *evlog)
     int error, fd;
     debug_decl(iolog_info_write_log, SUDO_DEBUG_UTIL);
 
-    fd = iolog_openat(dfd, "log", O_CREAT|O_TRUNC|O_WRONLY);
+    fd = iolog_openat(dfd, "log", O_CREAT|O_TRUNC|O_WRONLY|O_NOFOLLOW);
     if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
 	    "unable to %sopen %s/log", fd == -1 ? "" : "fd", evlog->iolog_path);
@@ -178,7 +178,7 @@ iolog_write_info_file_json(int dfd, struct eventlog *evlog)
     if (!eventlog_store_json(&jsonc, evlog))
 	goto done;
 
-    fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY);
+    fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY|O_NOFOLLOW);
     if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
 	    "unable to %sopen %s/log.json", fd == -1 ? "" : "fd",
diff --git a/lib/iolog/iolog_mkdirs.c b/lib/iolog/iolog_mkdirs.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -53,11 +53,11 @@ iolog_mkdirs(const char *path)
     int dfd;
     debug_decl(iolog_mkdirs, SUDO_DEBUG_UTIL);
 
-    dfd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY);
+    dfd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW);
     if (dfd == -1 && errno == EACCES) {
 	/* Try again as the I/O log owner (for NFS). */
 	if (iolog_swapids(false)) {
-	    dfd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY);
+	    dfd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW);
 	    if (!iolog_swapids(true)) {
 		ok = false;
 		goto done;
diff --git a/lib/iolog/iolog_nextid.c b/lib/iolog/iolog_nextid.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2021, 2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -82,7 +82,7 @@ iolog_nextid(const char *iolog_dir, char sessid[7])
 	    "%s: %s/seq", __func__, iolog_dir);
 	goto done;
     }
-    fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR|O_CREAT);
+    fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR|O_CREAT|O_NOFOLLOW);
     if (fd == -1) {
 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
 	    "%s: unable to open %s", __func__, pathbuf);
diff --git a/lib/iolog/iolog_open.c b/lib/iolog/iolog_open.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2021, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -80,7 +80,7 @@ iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode)
     iol->compressed = false;
     iol->locked = false;
     if (iol->enabled) {
-	int fd = iolog_openat(dfd, file, flags);
+	int fd = iolog_openat(dfd, file, flags|O_NOFOLLOW);
 	if (lockit && fd != -1) {
 	    if (sudo_lock_file(fd, SUDO_TLOCK)) {
 		iol->locked = true;
diff --git a/lib/iolog/regress/fuzz/fuzz_iolog_timing.c b/lib/iolog/regress/fuzz/fuzz_iolog_timing.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -86,7 +86,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	return 0;
 
     /* Create a timing file from the supplied data. */
-    dfd = open(logdir, O_RDONLY|O_DIRECTORY);
+    dfd = open(logdir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (dfd == -1)
 	goto cleanup;
 
diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2011-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2011-2023, 2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -164,12 +164,13 @@ sudo_debug_new_output(struct sudo_debug_instance *instance,
 	output->settings[j] = -1;
 
     /* Open debug file. */
-    output->fd = open(output->filename, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR);
+    output->fd = open(output->filename, O_WRONLY|O_APPEND|O_NOFOLLOW,
+	S_IRUSR|S_IWUSR);
     if (output->fd == -1) {
 	/* Create debug file as needed and set group ownership. */
 	if (errno == ENOENT) {
-	    output->fd = open(output->filename, O_WRONLY|O_APPEND|O_CREAT,
-		S_IRUSR|S_IWUSR);
+	    output->fd = open(output->filename,
+		O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR);
 	}
 	if (output->fd == -1) {
 	    sudo_warn_nodebug("%s", output->filename);
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -637,8 +637,8 @@ create_iolog_path(struct connection_closure *closure)
     evlog->iolog_file = evlog->iolog_path + strlen(expanded_dir) + 1;
 
     /* We use iolog_dir_fd in calls to openat(2) */
-    closure->iolog_dir_fd =
-	iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY|O_DIRECTORY);
+    closure->iolog_dir_fd = iolog_openat(AT_FDCWD, evlog->iolog_path,
+	O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (closure->iolog_dir_fd == -1) {
 	sudo_warn("%s", evlog->iolog_path);
 	goto bad;
@@ -721,7 +721,7 @@ iolog_store_uuid(int dfd, struct connection_closure *closure)
     }
 
     /* Write UUID in string form to the I/O log directory. */
-    fd = iolog_openat(dfd, "uuid", O_CREAT|O_TRUNC|O_WRONLY);
+    fd = iolog_openat(dfd, "uuid", O_CREAT|O_TRUNC|O_WRONLY|O_NOFOLLOW);
     if (fd == -1) {
 	sudo_warn(U_("unable to open %s/%s"), closure->evlog->iolog_path,
 	    "uuid");
@@ -894,7 +894,7 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
 	sudo_warn(U_("unable to mkdir %s"), tmpdir);
 	goto done;
     }
-    tmpdir_fd = iolog_openat(AT_FDCWD, tmpdir, O_RDONLY|O_DIRECTORY);
+    tmpdir_fd = iolog_openat(AT_FDCWD, tmpdir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (tmpdir_fd == -1) {
 	sudo_warn(U_("unable to open %s"), tmpdir);
 	goto done;
diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2025 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1315,9 +1315,9 @@ logsrvd_open_eventlog(struct logsrvd_config *config)
 
     /* Cannot append to a JSON file that is a single object. */
     if (config->eventlog.log_format == EVLOG_JSON_PRETTY) {
-	flags = O_RDWR|O_CREAT;
+	flags = O_RDWR|O_CREAT|O_NOFOLLOW;
     } else {
-	flags = O_WRONLY|O_APPEND|O_CREAT;
+	flags = O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW;
     }
     debug_return_ptr(logsrvd_open_log_file(config->logfile.path, flags));
 }
@@ -1836,7 +1836,8 @@ logsrvd_conf_apply(struct logsrvd_config *config)
 	break;
     case SERVER_LOG_FILE:
 	config->server.log_stream =
-	    logsrvd_open_log_file(config->server.log_file, O_WRONLY|O_APPEND|O_CREAT);
+	    logsrvd_open_log_file(config->server.log_file,
+	    O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW);
 	if (config->server.log_stream == NULL)
 	    debug_return_bool(false);
 	sudo_warn_set_conversation(logsrvd_conv_logfile);
diff --git a/logsrvd/logsrvd_journal.c b/logsrvd/logsrvd_journal.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -128,7 +128,8 @@ journal_mkuuid(const char *parent_dir, char *pathbuf, size_t pathsize)
 		goto done;
 	    }
 	}
-	fd = openat(dfd, uuid_str, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
+	fd = openat(dfd, uuid_str, O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW,
+	    S_IRUSR|S_IWUSR);
     } while (fd == -1 && errno == EEXIST);
     if (fd == -1) {
 	sudo_warn(U_("%s: %s"), "openat", pathbuf);
@@ -496,7 +497,7 @@ journal_restart(const RestartMessage *msg, const uint8_t *buf, size_t buflen,
 	closure->errstr = _("unable to open journal file");
 	debug_return_bool(false);
     }
-    if ((fd = open(journal_path, O_RDWR)) == -1) {
+    if ((fd = open(journal_path, O_RDWR|O_NOFOLLOW)) == -1) {
 	sudo_warn(U_("unable to open %s"), journal_path);
 	closure->errstr = _("unable to open journal file");
 	debug_return_bool(false);
diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2025 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -298,7 +298,7 @@ store_exit_info_json(int dfd, const struct eventlog *evlog)
     if (!sudo_json_init(&jsonc, 4, false, false, false))
         goto done;
 
-    fd = iolog_openat(dfd, "log.json", O_RDWR);
+    fd = iolog_openat(dfd, "log.json", O_RDWR|O_NOFOLLOW);
     if (fd == -1) {
 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
 	    "unable to open to %s/log.json", evlog->iolog_path);
@@ -489,7 +489,7 @@ verify_iolog_uuid(int dfd, const unsigned char uuid[restrict static 16])
     debug_decl(verify_iolog_uuid, SUDO_DEBUG_UTIL);
 
     /* Read in the I/O log uuid (string form), which must be 36-bytes. */
-    fd = openat(dfd, "uuid", O_RDONLY);
+    fd = openat(dfd, "uuid", O_RDONLY|O_NOFOLLOW);
     if (fd == -1)
 	goto done;
     if (fstat(fd, &sb) == -1 || sb.st_size != 36)
@@ -545,7 +545,7 @@ store_restart_local(const RestartMessage *msg, const uint8_t *buf, size_t len,
 
     /* We use iolog_dir_fd in calls to openat(2) */
     closure->iolog_dir_fd = iolog_openat(AT_FDCWD,
-	closure->evlog->iolog_path, O_RDONLY|O_DIRECTORY);
+	closure->evlog->iolog_path, O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (closure->iolog_dir_fd == -1) {
 	sudo_warn("%s", closure->evlog->iolog_path);
 	goto bad;
diff --git a/logsrvd/logsrvd_queue.c b/logsrvd/logsrvd_queue.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2021-2025 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -94,7 +94,7 @@ outgoing_queue_cb(int unused, int what, void *v)
 	FILE *fp;
 	int fd;
 
-	fd = open(oj->journal_path, O_RDWR);
+	fd = open(oj->journal_path, O_RDWR|O_NOFOLLOW);
 	if (fd == -1) {
 	    if (errno == ENOENT) {
 		TAILQ_REMOVE(&outgoing_journal_queue, oj, entries);
diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2023, 2025 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1858,7 +1858,7 @@ main(int argc, char *argv[])
     if (argc != 1)
 	usage();
     iolog_dir = argv[0];
-    if ((iolog_dir_fd = open(iolog_dir, O_RDONLY|O_DIRECTORY)) == -1) {
+    if ((iolog_dir_fd = open(iolog_dir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW)) == -1) {
 	sudo_warn("%s", iolog_dir);
 	goto bad;
     }
diff --git a/plugins/audit_json/audit_json.c b/plugins/audit_json/audit_json.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2020-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2020-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -151,7 +151,7 @@ audit_json_open(unsigned int version, sudo_conv_t conversation,
     /* open log file */
     /* TODO: support pipe */
     oldmask = umask(S_IRWXG|S_IRWXO);
-    fd = open(state.logfile, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
+    fd = open(state.logfile, O_RDWR|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR);
     (void)umask(oldmask);
     if (fd == -1 || fcntl(fd, F_SETFD, FD_CLOEXEC) == -1 ||
 	    (state.log_fp = fdopen(fd, "w")) == NULL) {
diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2023, 2025 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2023, 2025-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -715,8 +715,8 @@ sudoers_io_open_local(struct timespec *start_time)
 	goto bad;
     }
 
-    iolog_dir_fd =
-	iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY|O_DIRECTORY);
+    iolog_dir_fd = iolog_openat(AT_FDCWD, evlog->iolog_path,
+	O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (iolog_dir_fd == -1) {
 	log_warning(ctx, SLOG_SEND_MAIL, "%s", evlog->iolog_path);
 	warned = true;
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1994-1996, 1998-2024 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 1994-1996, 1998-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1070,10 +1070,10 @@ sudoers_log_open(int type, const char *log_file)
 	case EVLOG_FILE:
 	    /* Open log file as root, mode 0600 (cannot append to JSON). */
 	    if (def_log_format == json || def_log_format == json_pretty) {
-		flags = O_RDWR|O_CREAT;
+		flags = O_RDWR|O_CREAT|O_NOFOLLOW;
 		omode = "w";
 	    } else {
-		flags = O_WRONLY|O_APPEND|O_CREAT;
+		flags = O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW;
 		omode = "a";
 	    }
 	    oldmask = umask(S_IRWXG|S_IRWXO);
diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2009-2026 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -342,7 +342,8 @@ main(int argc, char *argv[])
     }
 
     /* Open files for replay, applying replay filter for the -f flag. */
-    iolog_dir_fd = iolog_openat(AT_FDCWD, iolog_dir, O_RDONLY|O_DIRECTORY);
+    iolog_dir_fd = iolog_openat(AT_FDCWD, iolog_dir,
+	O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
     if (iolog_dir_fd == -1)
 	sudo_fatal("%s", iolog_dir);
     for (i = 0; i < IOFD_MAX; i++) {
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/*`
`2`	`2`	`* SPDX-License-Identifier: ISC`
`3`	`3`	`*`
`4`		`- * Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>`
	`4`	`+ * Copyright (c) 2009-2021, 2026 Todd C. Miller <Todd.Miller@sudo.ws>`
`5`	`5`	`*`
`6`	`6`	`* Permission to use, copy, modify, and distribute this software for any`
`7`	`7`	`* purpose with or without fee is hereby granted, provided that the above`
`@@ -82,7 +82,7 @@ iolog_nextid(const char *iolog_dir, char sessid[7])`
`82`	`82`	`"%s: %s/seq", __func__, iolog_dir);`
`83`	`83`	`goto done;`
`84`	`84`	`}`
`85`		`- fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR\|O_CREAT);`
	`85`	`+ fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR\|O_CREAT\|O_NOFOLLOW);`
`86`	`86`	`if (fd == -1) {`
`87`	`87`	`sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_ERRNO,`
`88`	`88`	`"%s: unable to open %s", __func__, pathbuf);`