From 7d5c340f98b85cafc40384e51cb9facf35713e2c Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 23 Jan 1998 00:28:00 +0000
Subject: [PATCH] do an initgroups() before running a command, unless the
 target user is root.

---
 sudo.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/sudo.c b/sudo.c
index 82fd7ff3e..f02a4b163 100644
--- a/sudo.c
+++ b/sudo.c
@@ -936,6 +936,20 @@ void set_perms(perm, sudo_mode)
 					exit(1);
 				    }
 
+				    /*
+				     * Initialize group vector only if
+				     * we are going to be a non-root user.
+				     */
+				    if (strcmp(runas_user, "root") != 0 &&
+					initgroups(runas_user, pw_ent->pw_gid)
+					== -1) {
+					(void) fprintf(stderr,
+					    "%s: cannot set group vector ",
+					    Argv[0]);
+					perror("");
+					exit(1);
+				    }
+
 				    if (setuid(pw_ent->pw_uid)) {
 					(void) fprintf(stderr,
 					    "%s: cannot set uid to %d: ",  
-- 
2.50.1