--- embedaddon/sudo/plugins/sudoers/sudoers.c 2013/07/22 10:46:12 1.1.1.4
+++ embedaddon/sudo/plugins/sudoers/sudoers.c 2013/10/14 07:56:35 1.1.1.5
@@ -147,7 +147,6 @@ sudoers_policy_init(void *info, char * const envp[])
 snl = sudo_read_nss();
 /* LDAP or NSS may modify the euid so we need to be root for the open. */
- set_perms(PERM_INITIAL);
 set_perms(PERM_ROOT);
 /* Open and parse sudoers, set global defaults */
@@ -228,15 +227,6 @@ sudoers_policy_main(int argc, char * const argv[], int
 goto bad;
 }
- /* Check for -C overriding def_closefrom. */
- if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
- if (!def_closefrom_override) {
- warningx(_("you are not permitted to use the -C option"));
- goto bad;
- }
- def_closefrom = user_closefrom;
- }
-
 set_perms(PERM_INITIAL);
 /* Environment variables specified on the command line. */
@@ -266,9 +256,18 @@ sudoers_policy_main(int argc, char * const argv[], int
 if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
 def_preserve_groups = true;
- /* Find command in path */
+ /* Find command in path and apply per-command Defaults. */
 cmnd_status = set_cmnd();
+ /* Check for -C overriding def_closefrom. */
+ if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
+ if (!def_closefrom_override) {
+ warningx(_("you are not permitted to use the -C option"));
+ goto bad;
+ }
+ def_closefrom = user_closefrom;
+ }
+
 /*
 * Check sudoers sources, using the locale specified in sudoers.
 */
@@ -523,6 +522,7 @@ static void
 init_vars(char * const envp[])
 {
 char * const * ep;
+ bool unknown_user = false;
 debug_decl(init_vars, SUDO_DEBUG_PLUGIN)
 sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale);
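Review bot: In the `@@ -147,7` hunk of sudoers_policy_init, `set_perms(PERM_ROOT)` now depends on the initial permissions having been stored elsewhere, and nothing at the call site says so. The `set_perms(PERM_INITIAL)` call this commit adds is in init_vars (the `@@ -563` hunk); the call to init_vars itself is not visible here, so presumably it runs earlier in this function. I would extend the existing comment to record the dependency, e.g. `/* Initial perms were stored by init_vars(). LDAP or NSS may modify the euid so we need to be root for the open. */`, so a later reordering does not switch to root before the initial state is saved. The function body starts and ends outside the hunk.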
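Review bot: In the `@@ -266,9` hunk of sudoers_policy_main, the relocated -C check copies any `user_closefrom >= 0` into `def_closefrom` once `def_closefrom_override` is set, so the only lower bound visible here is zero. If values below 3 are meant to be rejected, that validation presumably happens before the plugin sees the value; a comment naming where it is enforced, or a local rejection of `user_closefrom < 3`, would make the trust boundary explicit. The block's position is now load-bearing as well, so the comment should say why, e.g. `/* Check for -C overriding def_closefrom; must follow set_cmnd() so per-command Defaults are applied. */`. The function body continues outside the hunk.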
@@ -563,16 +563,16 @@ init_vars(char * const envp[])
 /* Need to make a fake struct passwd for the call to log_fatal(). */
 sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
- log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid);
- /* NOTREACHED */
+ unknown_user = true;
 }
 }
 /*
- * Get group list.
+ * Get group list and store initialize permissions.
 */
 if (user_group_list == NULL)
 user_group_list = sudo_get_grlist(sudo_user.pw);
+ set_perms(PERM_INITIAL);
 /* Set runas callback. */
 sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
@@ -584,6 +584,8 @@ init_vars(char * const envp[])
 sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid;
 /* It is now safe to use log_fatal() and set_perms() */
+ if (unknown_user)
+ log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid);
 debug_return;
 }
@@ -807,7 +809,7 @@ set_fqdn(void)
 char *p;
 debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN)
- zero_bytes(&hint, sizeof(hint));
+ memset(&hint, 0, sizeof(hint));
 hint.ai_family = PF_UNSPEC;
 hint.ai_flags = AI_FQDN;
 if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
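Review bot: In the `@@ -563,16` hunk of init_vars, an unknown uid no longer stops at the old `log_fatal()` call, so `sudo_get_grlist(sudo_user.pw)` and `set_perms(PERM_INITIAL)` now run with the fake passwd entry from `sudo_mkpwent()`. The result of `sudo_mkpwent()` is not checked in the visible lines, so it is worth confirming that both calls tolerate the fake entry, and a NULL one if that can happen, since they never ran on this path before. The reworded comment also looks like a slip; `* Get group list and store initial permissions.` is presumably what was meant. The deferred `log_fatal()` is in the `@@ -584` hunk, and init_vars starts and ends outside this one.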
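Review bot: In the `@@ -584,6` hunk, the deferred check is an unbraced `if`, and the `/* NOTREACHED */` marker that accompanied the removed call was dropped. If `log_fatal()` does not return, as that marker suggested, braces and the marker keep this visible ahead of `debug_return`: `if (unknown_user) { log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid); /* NOTREACHED */ }`. This is a style point only; the ordering after the callbacks are installed matches the existing "now safe" comment.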