memorysafety / sudo-rs

A memory safe implementation of sudo and su.


Sudo-rs canonicalizes commands too aggressively.

squell opened this issue · comments

Introduced in e322f89; this is most evident when trying to do something like `sudo pkill`; `pkill` is a symbolic link to `pgrep`, but `pgrep` does care how it was invoked.

Easy fix is of course to revert the commit, but putting the canonicalization step before permission check had a purpose (and it was mostly to deal with directories being symlinks, not the actual commands).

We should probably also add a few regression tests for this situation.

Note: best solution is probably to modify the arg0 to contain the invoking, unresolved command.

Note: the above-proposed fix works for symlinked binaries, but not for symlinked shell scripts.
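The two notes above, as an added Rust illustration that is not part of the issue or of the sudo-rs code base: the path is canonicalized (as it would be for the permission check), the resolved file is executed, and argv[0] is optionally set back to the unresolved invoking path. For a script the kernel's `#!` handling rebuilds the argument vector from the path that was executed, so the restored argv[0] never reaches it. Assumptions: `/bin/sh` is a shell such as dash or bash that reports argv[0] as `$0` under `-c`; `observed_arg0`, `setup` and the scratch file names are hypothetical.

```rust
use std::fs;
use std::os::unix::fs::{symlink, PermissionsExt};
use std::os::unix::process::CommandExt;
use std::path::{Path, PathBuf};
use std::process::Command;

/// Canonicalize `invoked`, run the resolved file, and return the `$0` the
/// program observed. With `keep_arg0`, argv[0] is set back to the unresolved
/// invoking path.
fn observed_arg0(invoked: &Path, args: &[&str], keep_arg0: bool) -> String {
    let resolved = fs::canonicalize(invoked).expect("canonicalize");
    let mut cmd = Command::new(&resolved);
    if keep_arg0 {
        cmd.arg0(invoked);
    }
    let out = cmd.args(args).output().expect("spawn");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

/// Constructed sample layout: one symlink to a binary, one to a shell script.
fn setup() -> (PathBuf, PathBuf) {
    let dir = std::env::temp_dir().join(format!("arg0-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir).unwrap();
    let bin_link = dir.join("pkill-demo");
    symlink("/bin/sh", &bin_link).unwrap();
    let script = dir.join("real-script.sh");
    fs::write(&script, "#!/bin/sh\nprintf %s \"$0\"\n").unwrap();
    fs::set_permissions(&script, fs::Permissions::from_mode(0o755)).unwrap();
    let script_link = dir.join("script-link");
    symlink(&script, &script_link).unwrap();
    (bin_link, script_link)
}

fn main() {
    let (bin_link, script_link) = setup();
    let print0 = ["-c", "printf %s \"$0\""];
    // The binary sees the resolved path unless argv[0] is restored.
    println!("binary, resolved only: {}", observed_arg0(&bin_link, &print0, false));
    println!("binary, arg0 restored: {}", observed_arg0(&bin_link, &print0, true));
    // The script still sees the resolved path even with argv[0] restored.
    println!("script, arg0 restored: {}", observed_arg0(&script_link, &[], true));
}
```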