Index: set_perms.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/set_perms.c,v
retrieving revision 1.30.2.7
diff -u -r1.30.2.7 set_perms.c
--- set_perms.c 27 Nov 2007 23:41:23 -0000 1.30.2.7
+++ set_perms.c 25 Apr 2009 14:01:15 -0000
@@ -376,11 +376,12 @@
 #endif /* HAVE_SETRESUID */

 #ifdef HAVE_INITGROUPS
+static int runas_ngroups = -1;
+static GETGROUPS_T *runas_groups;
+
 static void
 runas_setgroups()
 {
- static int ngroups = -1;
- static GETGROUPS_T *groups;
 struct passwd *pw;

 if (def_preserve_groups)
@@ -389,19 +390,26 @@
 /*
 * Use stashed copy of runas groups if available, else initgroups and stash.
 */
- if (ngroups == -1) {
+ if (runas_ngroups == -1) {
 pw = runas_pw ? runas_pw : sudo_user.pw;
 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
- if ((ngroups = getgroups(0, NULL)) < 0)
+ if ((runas_ngroups = getgroups(0, NULL)) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't get runas ngroups");
- groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
- if (getgroups(ngroups, groups) < 0)
+ runas_groups = emalloc2(runas_ngroups, sizeof(GETGROUPS_T));
+ if (getgroups(runas_ngroups, runas_groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
 } else {
- if (setgroups(ngroups, groups) < 0)
+ if (setgroups(runas_ngroups, runas_groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
 }
+}
+
+void
+runas_resetgroups()
+{
+ runas_ngroups = -1;
+ efree(runas_groups);
 }

 static void
Index: sudo.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/sudo.c,v
retrieving revision 1.369.2.52
diff -u -r1.369.2.52 sudo.c
--- sudo.c 25 Feb 2009 11:07:43 -0000 1.369.2.52
+++ sudo.c 25 Apr 2009 14:01:16 -0000
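Review bot: The two statics hoisted to file scope in the first set_perms.c hunk carry no comment, although `-1` in `runas_ngroups` is now a sentinel that two functions depend on. A line above them such as `/* Cached runas group vector; runas_ngroups == -1 means nothing is stashed. */` would record that contract for anyone touching either function. runas_setgroups() continues past the end of this hunk.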
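Review bot: runas_resetgroups() in the second set_perms.c hunk frees `runas_groups` but leaves the pointer holding the freed address. If it runs twice with no runas_setgroups() stash in between, the second `efree(runas_groups)` releases the same block again; the caller added in sudo.c invokes it unconditionally, and whether that caller can run more than once per invocation is not visible here. Adding `runas_groups = NULL;` after the efree() call closes this, since efree() already has to tolerate NULL for the very first reset, when the static is still zero-initialised.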
@@ -131,6 +131,7 @@
 extern struct passwd *sudo_getpwnam __P((const char *));
 extern struct passwd *sudo_getpwuid __P((uid_t));
 extern struct passwd *sudo_pwdup __P((const struct passwd *));
+extern void runas_resetgroups __P((void));

 /*
 * Globals
@@ -1293,6 +1294,7 @@
 if (runas_pw == NULL)
 log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user);
 }
+ runas_resetgroups();
 return(TRUE);
 }
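Review bot: The call added before `return(TRUE);` in the second sudo.c hunk is unconditional, but in set_perms.c runas_resetgroups() is defined directly under `#ifdef HAVE_INITGROUPS`. Unless the non-HAVE_INITGROUPS branch has a matching stub, which these hunks do not show, a build without initgroups() would fail to link. Either add an empty `runas_resetgroups()` to that branch or wrap the call in `#ifdef HAVE_INITGROUPS`. The `extern` declaration in the first sudo.c hunk would also be better placed in a header that set_perms.c includes, so the definition is checked against the prototype. The enclosing function starts outside the hunk.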