Comment 7 for bug 1565567

Rafael David Tinoco (rafaeldtinoco) wrote :

(2)

Going back to backtrace we have:

mode_run -> policy_check -> sudoers_policy_main -> create_admin_success_flag -> user_in_group (global sudo_user)

   /* Check whether the user is in the admin group. */
   if (!user_in_group(sudo_user.pw, "admin") &&
       !user_in_group(sudo_user.pw, "sudo"))
       debug_return_int(true);

and then user_in_group calls:

   if ((grlist = sudo_get_grlist(pw)) != NULL) {

 if "admin" == pw->pw_gid: matched = 1, goto done.

(gdb) print sudo_user->pw->pw_gid
$5 = 7241
Not the case.

       /*
        * Next check the supplementary group vector.
        * It usually includes the password db group too.
        */

       for (i = 0; i < grlist->ngroups; i++) {
           if (strcasecmp(group, grlist->groups[i]) == 0) {
               matched = true;
               goto done;
           }
       }

(gdb) frame 1
#1 0x00007fa01c0a7ab1 in user_in_group (pw=0x56174c050ca8, group=group@entry=0x7fa01c0b14c4 "admin")
    at /build/sudo-g3ghsu/sudo-1.8.16/plugins/sudoers/pwutil.c:842
842 if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
(gdb) print grlist->ngroups
$6 = 1
(gdb) print grlist->groups[0]
$7 = 0x56174c050d7f "sudo"

This should have gone to "done" because it is "sudo".
But we are checking for "admin":

(gdb) print group
$12 = 0x7fa01c0b14c4 "admin"

In both cases it should have finished and not continued. If it continued, it would go to "PROBLEM" (comment #6)
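As an added illustration (not sudo's code and not part of this comment), the two-stage membership check walked through above, modelled in C over constructed data; the *_model names and the sample primary-group name "group7241" are assumptions.

```c
/* Added illustration, not sudo's own code: a model of the two-stage
 * membership test in user_in_group() and of how create_admin_success_flag()
 * combines two such checks.  The *_model names and sample data are assumed. */
#include <stdbool.h>
#include <stdio.h>
#include <strings.h>

struct grlist_model {          /* stand-in for sudo's group list */
    int ngroups;
    const char **groups;
};

/* Stage 1: name of the pw_gid group (sudo resolves it via sudo_getgrgid();
 * the caller passes the name here).  Stage 2: the supplementary vector,
 * matched case-insensitively like the strcasecmp() loop quoted above. */
bool user_in_group_model(const char *primary_group,
                         const struct grlist_model *grlist,
                         const char *group)
{
    if (primary_group != NULL && strcasecmp(group, primary_group) == 0)
        return true;                         /* matched on pw_gid */
    for (int i = 0; grlist != NULL && i < grlist->ngroups; i++) {
        if (strcasecmp(group, grlist->groups[i]) == 0)
            return true;                     /* matched in the vector */
    }
    return false;
}

/* Early exit of create_admin_success_flag(): true when the user is in
 * neither "admin" nor "sudo", i.e. there is nothing to flag. */
bool admin_flag_skipped_model(const char *primary_group,
                              const struct grlist_model *grlist)
{
    return !user_in_group_model(primary_group, grlist, "admin") &&
           !user_in_group_model(primary_group, grlist, "sudo");
}

int main(void)
{
    /* Constructed sample mirroring the gdb state: ngroups == 1, groups[0]
     * == "sudo", and a primary group (gid 7241) that is neither name. */
    const char *vec[] = { "sudo" };
    struct grlist_model gl = { 1, vec };
    printf("admin=%d sudo=%d skipped=%d\n",
           user_in_group_model("group7241", &gl, "admin"),
           user_in_group_model("group7241", &gl, "sudo"),
           admin_flag_skipped_model("group7241", &gl));
    return 0;
}
```

With the sample data the "admin" lookup falls through the vector without a match, the following "sudo" lookup matches on groups[0], and the early-exit condition is therefore false.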