When setting up the execution environment, set groups before gid/egid

like sudo 1.7 did.

diff --git a/src/sudo.c b/src/sudo.c
index 4d976b91ad4da806b308597539998ac10c27358c..5aeb7ec714abcd339892ad0ad6957503014ba0e8 100644 (file)
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -988,6 +988,14 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
     /*
      * Set groups, including supplementary group vector.
      */
+    if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
+       if (details->ngroups >= 0) {
+           if (sudo_setgroups(details->ngroups, details->groups) < 0) {
+               warning(_("unable to set supplementary group IDs"));
+               goto done;
+           }
+       }
+    }
 #ifdef HAVE_SETEUID
     if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
        warning(_("unable to set effective gid to runas gid %u"),
@@ -1001,15 +1009,6 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
        goto done;
     }
 
-    if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
-       if (details->ngroups >= 0) {
-           if (sudo_setgroups(details->ngroups, details->groups) < 0) {
-               warning(_("unable to set supplementary group IDs"));
-               goto done;
-           }
-       }
-    }
-
     if (ISSET(details->flags, CD_SET_PRIORITY)) {
        if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
            warning(_("unable to set process priority"));