All:
Do we want to slip this into presently supported branches containing
1.6.9p17? It's a quick patch:
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9
I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string.
$ more sudo_p20.patch
===
RCS file: /home/anoncvs/cvs/sudo/parse.c,v
retrieving revision 1.160.2.21
retrieving revision 1.160.2.22
diff -u -p -r1.160.2.21 -r1.160.2.22
--- sudo/parse.c2008/11/02 14:35:53 1.160.2.21
+++ sudo/parse.c2009/01/28 00:50:01 1.160.2.22
@@ -651,9 +651,11 @@ usergr_matches(group, user, pw)
/*
* If the user has a supplementary group vector, check it first.
*/
-for (i = 0; i < user_ngroups; i++) {
- if (grp->gr_gid == user_groups[i])
- return(TRUE);
+if (strcmp(user, user_name) == 0) {
+ for (i = 0; i < user_ngroups; i++) {
+ if (grp->gr_gid == user_groups[i])
+ return(TRUE);
+ }
}
if (grp->gr_mem != NULL) {
for (cur = grp->gr_mem; *cur; cur++) {
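Review bot: the comment above the new `strcmp(user, user_name) == 0` guard still reads "If the user has a supplementary group vector, check it first" and does not explain why the vector is now consulted for only one user. The guard implies that `user_groups` describes `user_name` alone, so the comment should say so, and should note that any other `user` falls through to the `grp->gr_mem` walk below. A regression case where `user` differs from `user_name` while `user_groups` contains `grp->gr_gid` would pin that behaviour for the backport.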
sekle...@seawing:/usr/src/usr.bin$ sudo patch -p0 < sudo_p20.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--
|===
|RCS file: /home/anoncvs/cvs/sudo/parse.c,v
|retrieving revision 1.160.2.21
|retrieving revision 1.160.2.22
|diff -u -p -r1.160.2.21 -r1.160.2.22
|--- sudo/parse.c 2008/11/02 14:35:53 1.160.2.21
|+++ sudo/parse.c 2009/01/28 00:50:01 1.160.2.22
--
Patching file sudo/parse.c using Plan A...
Hunk #1 succeeded at 606 (offset -45 lines).
done