sudo @1.8.8_1 fails with "unable to open /opt/local/etc/sudoers: Permission denied"

[shabble@…]

Any privs-requiring invocation of sudo fails with the following error:

sudo -V

Sudo version 1.8.8
sudo: unable to open /opt/local/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Permissions appear correct for both the sudo binary and the sudoers file:

stat /opt/local/bin/sudo 
  File: ‘/opt/local/bin/sudo’
  Size: 117036    	Blocks: 232        IO Block: 4096   regular file
Device: e000002h/234881026d	Inode: 25568007    Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/   wheel)
Access: 2013-10-26 16:06:53.000000000 +0100
Modify: 2013-10-02 20:52:47.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:47.000000000 +0100

stat /opt/local/etc/sudoers

  File: ‘/opt/local/etc/sudoers’
  Size: 3429      	Blocks: 8          IO Block: 4096   regular file
Device: e000002h/234881026d	Inode: 25568014    Links: 1
Access: (0440/-r--r-----)  Uid: (    0/    root)   Gid: (   20/   staff)
Access: 2013-10-26 16:05:12.000000000 +0100
Modify: 2013-10-02 20:52:46.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:46.000000000 +0100

Attached is dtruss log output (via /usr/bin/sudo dtruss /opt/local/bin/sudo true &> sudo-truss.log) from the 1.8.8_1 version.

Note that this is a distinct problem from the bug reported in #40644 / sudo @1.8.6p7_0, which also happens/happened to me.

Re-testing with that version demonstrates:

$ /usr/bin/sudo port activate -f sudo@1.8.6p7_0
...

$ sudo -V 
Sudo version 1.8.6p7
Sudoers policy plugin version 1.8.6p7
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p7

$ sudo true 
Password:
$ echo $?
0

$ sudo -u shabble true
sudo: unable to change to runas uid (501, 501): Operation not permitted
sudo: unable to execute /usr/bin/true: Operation not permitted

[shabble@…]

dtruss output of running `sudo true' with broken version.