From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 23 Jan 1998 00:28:00 +0000 (+0000)
Subject: do an initgroups() before running a command, unless the target user
X-Git-Tag: SUDO_1_5_6~111
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7d5c340f98b85cafc40384e51cb9facf35713e2c;p=sudo

do an initgroups() before running a command, unless the target user
is root.
---

diff --git a/sudo.c b/sudo.c
index 82fd7ff3e..f02a4b163 100644
--- a/sudo.c
+++ b/sudo.c
@@ -936,6 +936,20 @@ void set_perms(perm, sudo_mode)
 					exit(1);
 				    }
 
+				    /*
+				     * Initialize group vector only if
+				     * we are going to be a non-root user.
+				     */
+				    if (strcmp(runas_user, "root") != 0 &&
+					initgroups(runas_user, pw_ent->pw_gid)
+					== -1) {
+					(void) fprintf(stderr,
+					    "%s: cannot set group vector ",
+					    Argv[0]);
+					perror("");
+					exit(1);
+				    }
+
 				    if (setuid(pw_ent->pw_uid)) {
 					(void) fprintf(stderr,
 					    "%s: cannot set uid to %d: ",