[sudo-users] possible sudo bug?

Todd C. Miller Todd.Miller at courtesan.com
Tue Nov 20 15:31:46 EST 2007


In the past, sudo searched the path for the command as root.
Currently, this is done as the user the command is being run as.

My guess is that the problem arises from the fact that while user
tony may be in group bin, bin is not his primary group (as listed
in the passwd database).  It is the primary group that is set to
be the effective gid for the path search.

It should be possible for sudo to use the auxiliary groups during
the path search.  This would require stashing the existing group
vector, calling initgroups() and then restoring the old group vector.

 - todd
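
The save, initgroups(), restore sequence suggested in the message above, written out as an added example (not part of the original post and not sudo's own code). The names `with_aux_groups` and `exec_ok` are hypothetical, and the sample path is constructed.

```c
#define _DEFAULT_SOURCE 1   /* initgroups(), setgroups(), AT_EACCESS */
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical search step: may the effective ids execute this path? */
static int exec_ok(void *path)
{
    return faccessat(AT_FDCWD, path, X_OK, AT_EACCESS) == 0;
}

/* Hypothetical helper: run search() with user's full group vector, then
 * restore the caller's. Returns search()'s result, or -1 if the groups
 * could not be switched (initgroups() needs privilege). */
static int with_aux_groups(const char *user, gid_t primary,
                           int (*search)(void *), void *arg)
{
    int n = getgroups(0, NULL);              /* size of current vector */
    if (n < 0)
        return -1;
    gid_t *saved = calloc((size_t)n + 1, sizeof(*saved));
    if (saved == NULL || getgroups(n, saved) != n) {   /* stash it */
        free(saved);
        return -1;
    }
    if (initgroups(user, primary) != 0) {    /* primary + auxiliary groups */
        free(saved);
        return -1;
    }
    int rc = search(arg);
    /* Carrying on with the target user's groups would be a privilege
     * error, so a failed restore is fatal. */
    if (setgroups((size_t)n, saved) != 0)
        abort();
    free(saved);
    return rc;
}

int main(void)
{
    /* "tony" is the user from the thread; the path is a constructed sample. */
    struct passwd *pw = getpwnam("tony");
    if (pw == NULL)
        return 2;
    return with_aux_groups(pw->pw_name, pw->pw_gid, exec_ok,
                           "/usr/local/bin/report") == 1 ? 0 : 1;
}
```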


