Bug 57 – Use of initgroups() and setting of group vector to be configurable via command-line option

Bug 57 - Use of initgroups() and setting of group vector to be configurable via command-line option


Summary:	Use of initgroups() and setting of group vector to be configurable via comman...

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.4
Hardware:	All All

Importance:	normal enhancement
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2001-11-15 12:11 MST by TJ Saunders
Modified:	2001-12-14 21:10 MST (History)
CC List:	0 users

See Also:

Attachments
Patches sudo.h, sudo.c, set_perms.c, sudo.man.in (4.75 KB, patch) 2001-11-15 12:12 MST, TJ Saunders	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description TJ Saunders 2001-11-15 12:11:29 MST

The setting of the group vector, the supplemental group membership, of a process
for any target user other than root, is currently hard-coded.  I can see why
preserving the current group vector when the target user is root is beneficial,
but user root should not be treated as a hard-coded exception -- this behavior
should be controllable for any target user, via the command-line.

I've attached a patch which adds a -P command-line option, with appropriate
changes to the sudo man page.

Comment 1 TJ Saunders 2001-11-15 12:12:59 MST

Created attachment 5 [details]
Patches sudo.h, sudo.c, set_perms.c, sudo.man.in

Comment 2 Todd C. Miller 2001-12-14 17:10:59 MST

OK, it seems this is causing problems for at least one other person.  In sudo 1.6.4 the default
with be to allways do initgroups() with a sudoers option and command line flag to change the
behavior.