Bug 857

Summary: sudo ends with message "unable to set runas group vector"
Product: Sudo Reporter: Thomas Mielke <Thomas.Mielke>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: low    
Version: 1.8.25   
Hardware: IBM   
OS: AIX   

Description Thomas Mielke 2018-10-25 01:16:32 MDT 
On AIX sudo gives always the message "unable to set runas group vector".
As a result sudo is not switching to the effective user and group.

The bug is identified in source code "lib/util/getgrouplist.c" line 141: grset++;

The code is first retrieving all supplemental groups of a user with "grset = getgrset (name). After that grset is a char string i.e. "202,1". With buggy grset++ grset is than pointing to "02,1", interpreting 02 as the first supplemental Group id, which is wrong!

Easy solution is to remove line 141 "grset++;" completely!
Comment 1 Todd C. Miller 2018-10-25 07:21:51 MDT 
Thanks for debugging this.  I've committed the fix:
https://www.sudo.ws/repos/sudo/rev/03b19227cab2
Comment 2 Todd C. Miller 2018-11-16 11:14:39 MST 
Fixed in sudo 1.8.26.