Index: trunk/src/sh_calls.c
===================================================================
--- trunk/src/sh_calls.c	(revision 411)
+++ trunk/src/sh_calls.c	(revision 412)
@@ -696,5 +696,25 @@
   SL_ENTER(_("aud_open"));
 
+#ifdef USE_SUID
+  if (0 == strcmp(pathname, "/usr/bin/sudo"))
+    {
+      uid_t ruid; uid_t euid; uid_t suid;
+      getresuid(&ruid, &euid, &suid);
+    }
+  if (privs == SL_YESPRIV)
+    sl_set_suid();
+#else
+  /*@-noeffect@*/
+  (void) privs; /* fix compiler warning */
+  /*@+noeffect@*/
+#endif
+
   val_return = open (pathname, *o_noatime|flags, mode);
+
+#ifdef USE_SUID
+  if (privs == SL_YESPRIV)
+    sl_unset_suid();
+#endif
+
   if ((val_return < 0) && (*o_noatime != 0))
     {
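Review bot: `sl_unset_suid()` runs right after the first `open()`, ahead of the `if ((val_return < 0) && (*o_noatime != 0))` fallback whose body lies outside this hunk. If that fallback reopens the file without `O_NOATIME`, as the condition suggests, the retry no longer runs under the identity that `sl_set_suid()` presumably establishes for `privs == SL_YESPRIV`, and it can fail where the first call would have succeeded. Moving the second `#ifdef USE_SUID` / `sl_unset_suid()` block below the fallback keeps both attempts under the same identity. Separately, the `/usr/bin/sudo` branch only fills `ruid`, `euid` and `suid`, which are never read, and ignores the return of `getresuid()`; it looks like debugging residue and should be dropped or given a comment saying why it is there. The enclosing function starts and ends outside the hunk.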
@@ -704,7 +724,4 @@
     }
   error = errno;
-  /*@-noeffect@*/
-  (void) privs; /* fix compiler warning */
-  /*@+noeffect@*/
 
   if (val_return < 0)
@@ -736,9 +753,21 @@
   SL_ENTER(_("aud_open"));
 
-  val_return = open (pathname, flags, mode);
-  error = errno;
+#ifdef USE_SUID
+  if (privs == SL_YESPRIV)
+    sl_set_suid();
+#else
   /*@-noeffect@*/
   (void) privs; /* fix compiler warning */
   /*@+noeffect@*/
+#endif
+
+  val_return = open (pathname, flags, mode);
+
+#ifdef USE_SUID
+  if (privs == SL_YESPRIV)
+    sl_unset_suid();
+#endif
+
+  error = errno;
 
   if (val_return < 0)
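Review bot: `error = errno;` now sits after `sl_unset_suid()`, so on a failed `open()` the saved value can be whatever the uid-switching calls inside that helper left in `errno`, and the `if (val_return < 0)` path would then report a misleading cause. This is inferred from the helper's name, because its body is not part of this diff. Save the value immediately after the call, i.e. `val_return = open (pathname, flags, mode);` followed directly by `error = errno;`, before the second `#ifdef USE_SUID` block. The first variant has the same ordering: `sl_unset_suid()` is added in the `@@ -696,5 +696,25 @@` hunk and `error = errno;` follows in the `@@ -704,7 +724,4 @@` context. The return values of `sl_set_suid()` and `sl_unset_suid()` are also ignored in both variants; if they can report failure, a failed drop should not be passed over silently.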
Index: trunk/src/sh_database.c
===================================================================
--- trunk/src/sh_database.c	(revision 411)
+++ trunk/src/sh_database.c	(revision 412)
@@ -1764,4 +1764,5 @@
 
 /* recursively enter linked list of messages into database, last first
+ * - last is client (if this is a client message received by client)
  */
 long sh_database_insert_rec (dbins * curr, int depth, char * host)
Index: trunk/src/slib.c
===================================================================
--- trunk/src/slib.c	(revision 411)
+++ trunk/src/slib.c	(revision 412)
@@ -1535,4 +1535,5 @@
   SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));
 
+#ifndef SH_ALLOW_SUID
   if (euid != ruid || egid != rgid)
     {
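Review bot: The new `#ifndef SH_ALLOW_SUID` guard compiles out the whole `euid != ruid || egid != rgid` branch ahead of the `sl_policy_get_user` return, but nothing at the guard says what is being skipped or why skipping it is safe. The body of that branch is outside both hunks, so the comment should be written against it: one or two lines above the guard stating which handling of a SUID/SGID invocation is disabled when the macro is defined. The closing `#endif` added in the `@@ -1556,4 +1557,5 @@` hunk directly follows another `#endif`, so it should be labelled, `#endif /* !SH_ALLOW_SUID */`. It is also worth documenting how `SH_ALLOW_SUID` relates to the `USE_SUID` macro used in sh_calls.c in this same revision, since the two appear to guard parts of one feature and nothing visible ties them together.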
@@ -1556,4 +1557,5 @@
 #endif
     }
+#endif
   SL_IRETURN(SL_ENONE, _("sl_policy_get_user"));
 }
