Bug
Resolution: Won't Do
rhel-8.7.0
rhel-security-special-projects
ssg_security
sudo can handle the command event if it specifies a symbolic link
Description of problem:
sudo does not execute the path it was called with when the sudoers entries are symbolic links
Steps to Reproduce:
~~~
(0) [root@node ~]# mkdir dir1 dir2 common
(0) [root@node ~]# printf '#! /bin/bash\necho $0\n' > common/script
(0) [root@node ~]# chmod 700 common/script
(0) [root@node ~]# ln -s ../common/script dir1/script
(0) [root@node ~]# ln -s ../common/script dir1/script1
(0) [root@node ~]# ln -s ../common/script dir2/script
(0) [root@node ~]# ln -s ../common/script dir2/script2
(0) [root@node ~]# ls -l dir?
dir1:
total 0
lrwxrwxrwx 1 root root 16 Dec 21 09:29 script -> ../common/script
lrwxrwxrwx 1 root root 16 Dec 21 09:30 script1 -> ../common/script
dir2:
total 0
lrwxrwxrwx 1 root root 16 Dec 21 09:30 script -> ../common/script
lrwxrwxrwx 1 root root 16 Dec 21 09:30 script2 -> ../common/script
(0) [root@node ~]# /root/dir1/script
/root/dir1/script
(0) [root@node ~]# /root/dir2/script
/root/dir2/script
(0) [root@node ~]# printf 'ALL ALL = (root)NOPASSWD:/root/dir1/script,/root/dir1/script1,/root/dir2/script,/root/dir2/script2' >> /etc/sudoers
(0) user@node ~: sudo -u root /root/dir1/script
/root/dir2/script
~~~
Actual results:
Running sudo -u root /root/dir1/script executes /root/dir2/script.
Expected results:
~~~
(0) user@node ~: sudo -u root /root/dir2/script
/root/dir2/script
(0) user@node ~: sudo -u root /root/dir1/script1
/root/dir1/script1
(0) user@node ~: sudo -u root /root/dir2/script2
/root/dir2/script2
~~~
Additional info:
I can reproduce the issue with the latest RHEL 8, but it is not clear why this happens.
As the customer explained, I ran strace on the normal user's shell process and saw that the command being passed to the execve() system call is indeed wrong.
So sudo is passing the wrong command arguments to the execve() call.
~~~
- less testuser.strace | grep execve
204772 00:09:18.361206 execve("/usr/bin/sudo", ["sudo", "-u", "root", "/root/dir1/script"], ["LS_COLORS=rs=0:di [...output skipped...]
204777 00:09:18.601602 execve("/usr/sbin/unix_chkpwd", ["/usr/sbin/unix_chkpwd", "testuser", "chkexpiry"], []) = 0 <0.000307>
204778 00:09:18.617734 execve("/root/dir2/script", ["/root/dir1/script"], ["LS_COLORS=rs=0:di=38;5;33:ln=38; [...output skipped...]
~~~
Searching the sudoers man page, I see some notes about where following symlinks is allowed and where it is not.
But here it is executing a different file altogether, so it is not making sense to me.
I found that we can enable debugging in sudo using the configuration explained in
A.2. Troubleshooting sudo with SSSD and sudo Debugging Logs
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/troubleshooting-sudo
I see that a match is performed to check whether the command entered matches the definition given in the sudoers file.
But here the comparison between the files /root/dir1/script and /root/dir2/script matches for some reason.
It should match the command /root/dir1/script, which is already written in the sudoers file, but it instead matches /root/dir2/script and the match succeeds.
~~~
- less /var/log/sudo_debug.log | grep /root/dir
Dec 31 02:16:05 sudo[66267] user command "/root/dir1/script" matches sudoers command "/root/dir2/script2": false @ command_matches() ./match_command.c:540
Dec 31 02:16:05 sudo[66267] user command "/root/dir1/script" matches sudoers command "/root/dir2/script": true @ command_matches() ./match_command.c:540
Dec 31 02:16:05 sudo[66267] sudo_putenv: SUDO_COMMAND=/root/dir1/script
Dec 31 02:16:05 sudo[66267] <- new_logline @ ./logging.c:1097 := TTY=pts/0 ; PWD=/home/testuser ; USER=root ; COMMAND=/root/dir1/script
Dec 31 02:16:05 sudo[66267] <- sudo_new_key_val_v1 @ ./key_val.c:63 := command=/root/dir2/script
Dec 31 02:16:05 sudo[66267] 0: command=/root/dir2/script
Dec 31 02:16:05 sudo[66267] executed /root/dir2/script, pid 66270
Dec 31 02:16:05 sudo[66270] exec /root/dir2/script [/root/dir1/script] [LS_COLORS=rs=0:di=38;5;33:ln=38; [...output skipped...] LANG=en_US.UTF-8 HOSTNAME=rhel8.test.example.local MAIL=/var/spool/mail/testuser TERM=xterm-256color HISTSIZE=10000 PATH=/sbin:/bin:/usr/sbin:/usr/bin LOGNAME=root USER=root HOME=/root SHELL=/bin/bash SUDO_COMMAND=/root/dir1/script SUDO_USER=testuser SUDO_UID=1011 SUDO_GID=1012]
~~~
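As an added example (not sudo's code and not part of this report), a small Python model of the matching behaviour visible in the debug log above, plus an audit helper that lists sudoers Cmnd paths sudo would treat as the same command. It assumes, from the log, that sudo compares basenames first, then the device and inode of the resolved files, scans entries last-to-first, and executes the matched sudoers path; the dir1/dir2/common layout is rebuilt under a temporary directory.

```python
"""Model of how sudo resolves a user command against sudoers Cmnd entries,
reconstructed from the debug log in this bug report.  Added example, not
sudo's own code.  Assumptions: basenames are compared first, then the
device/inode of the resolved files; entries are scanned last-to-first
(last match wins); the matched sudoers path is what gets executed."""
import os
import tempfile

def sudo_like_match(user_cmd, sudoers_cmds):
    """Return the sudoers entry sudo would execute for user_cmd, or None."""
    user_st = os.stat(user_cmd)           # stat() follows symlinks
    for entry in reversed(sudoers_cmds):  # last entry in sudoers order wins
        if os.path.basename(entry) != os.path.basename(user_cmd):
            continue                      # different basename never matches
        st = os.stat(entry)
        if (st.st_dev, st.st_ino) == (user_st.st_dev, user_st.st_ino):
            return entry                  # same file behind the link
    return None

def aliased_entries(sudoers_cmds):
    """Audit helper: groups of Cmnd paths that sudo treats as one command
    (same basename and same dev/inode once symlinks are resolved)."""
    groups = {}
    for entry in sudoers_cmds:
        st = os.stat(entry)
        key = (os.path.basename(entry), st.st_dev, st.st_ino)
        groups.setdefault(key, []).append(entry)
    return [g for g in groups.values() if len(g) > 1]

def build_repro(root):
    """Recreate the report's layout (constructed, under a temporary dir)."""
    for d in ("dir1", "dir2", "common"):
        os.mkdir(os.path.join(root, d))
    target = os.path.join(root, "common", "script")
    with open(target, "w") as f:
        f.write("#!/bin/bash\necho $0\n")
    os.chmod(target, 0o700)
    links = ("dir1/script", "dir1/script1", "dir2/script", "dir2/script2")
    for link in links:
        os.symlink("../common/script", os.path.join(root, link))
    return [os.path.join(root, p) for p in links]

def demo():
    """Run dir1/script through the model; report what runs and what aliases."""
    with tempfile.TemporaryDirectory() as root:
        cmds = build_repro(root)
        executed = sudo_like_match(cmds[0], cmds)   # user asked for dir1/script
        rel = lambda p: os.path.relpath(p, root)
        return rel(executed), [[rel(p) for p in g] for g in aliased_entries(cmds)]

if __name__ == "__main__":
    print(demo())
```

The audit output is the defender's takeaway: any group it prints is a set of sudoers entries that are interchangeable to sudo, so listing the canonical target path instead of the symlinks removes the ambiguity.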