do an initgroups() before running a command, unless the target user

author Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)
diff --git a/sudo.c b/sudo.c

index 82fd7ff3ea60be8875a6762307d1b7eb869deaac..f02a4b163ac03c9289d17d5cfe34616718dc25cc 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -936,6 +936,20 @@ void set_perms(perm, sudo_mode)
                                         exit(1);
                                     }
  
+                                   /*
+                                    * Initialize group vector only if
+                                    * we are going to be a non-root user.
+                                    */
+                                   if (strcmp(runas_user, "root") != 0 &&
+                                       initgroups(runas_user, pw_ent->pw_gid)
+                                       == -1) {
+                                       (void) fprintf(stderr,
+                                           "%s: cannot set group vector ",
+                                           Argv[0]);
+                                       perror("");
+                                       exit(1);
+                                   }
+
                                     if (setuid(pw_ent->pw_uid)) {
                                         (void) fprintf(stderr,
                                             "%s: cannot set uid to %d: ",
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 23 Jan 1998 00:28:00 +0000 (00:28 +0000)