From 4dba87262a3d117a4c2962a4fe65e500878690e4 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 6 May 2020 16:38:08 -0600
Subject: [PATCH] Look up runas user by name, not euid, where possible.

Fixes a problem when there are multiple users with the same user-ID where the PAM session modules could be called with the wrong user name. Debian bug #734752
---
 src/sudo.c | 6 +++++-
 src/sudo.h | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/sudo.c b/src/sudo.c
index 4e7ce4632..54e993950 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -803,6 +803,7 @@ command_info_to_details(char * const info[], struct command_details *details)
 break;
 }
 #endif /* HAVE_PRIV_SET */
+ SET_STRING("runas_user=", runas_user)
 break;
 case 's':
 SET_STRING("selinux_role=", selinux_role)
@@ -848,7 +849,10 @@ command_info_to_details(char * const info[], struct command_details *details)
 #ifdef HAVE_SETAUTHDB
 aix_setauthdb(IDtouser(details->euid), NULL);
 #endif
- details->pw = getpwuid(details->euid);
+ if (details->runas_user != NULL)
+ details->pw = getpwnam(details->runas_user);
+ if (details->pw == NULL)
+ details->pw = getpwuid(details->euid);
 #ifdef HAVE_SETAUTHDB
 aix_restoreauthdb();
 #endif
diff --git a/src/sudo.h b/src/sudo.h
index 013209414..da005c831 100644
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -161,6 +161,7 @@ struct command_details {
 struct passwd *pw;
 GETGROUPS_T *groups;
 const char *command;
+ const char *runas_user;
 const char *cwd;
 const char *login_class;
 const char *chroot;
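Review bot: In the second src/sudo.c hunk (`@@ -848,7 +849,10 @@`), the entry returned by `getpwnam(details->runas_user)` is accepted without comparing its `pw_uid` to `details->euid`, so a name that resolves to a different uid than the one the command runs as would give the PAM session modules, and anything else that reads `details->pw`, a mismatched account. The name and the uid appear to arrive as separate command_info values, so a guard such as `if (details->pw != NULL && details->pw->pw_uid != details->euid) details->pw = NULL;` before the `getpwuid()` fallback would keep the shared-uid fix while rejecting inconsistent pairs. The second `if` also reads `details->pw` when `runas_user` is NULL, which is only correct if the struct was zeroed earlier in command_info_to_details(), outside this hunk; a short comment stating that would help. The context line `aix_setauthdb(IDtouser(details->euid), NULL)` still selects the registry from the uid-derived name, which presumably carries the same duplicate-uid ambiguity on AIX.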