From nobody Fri Aug 15 13:18:32 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c3N3F0C8rz653WM; Fri, 15 Aug 2025 13:18:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c3N3D6hmwz3qQ7; Fri, 15 Aug 2025 13:18:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755263913; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JajUyrd5yDehMP/CxQ2vph4y1VqKV/auFA8voSh580g=; b=n/YFPMzeW5U62JmSrTEFJFOcycG7DzdPQGSl2G7eVOXQ1g/BJkJz6RNdKqZPLx2Pi/mW2R 23a25M1nf4x4jwVTEfcHVY/X3+ZBj7oLfSqwCWYNg0fTFeNyyL8fZEx9S1Ed4psEvqguoe 34n9ZnRqCvV2AqYD4PVQbqBP+Bl8gLtcjEPtmuMngpKQLPuNjoH3zwCbiSHHHkkMt3fyUf IvsfN4SHoWoDl+jCL+gQOg5n/v9pJmTgovg7HWpqwR9hlZoIeshCrz/i3BFopZdAe9t55p s9neEbgphzQPsXIU+a0ZzbddDRSP0C55neU8LKNLrttD6xn3VOLFrV5jeLQjoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755263913; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JajUyrd5yDehMP/CxQ2vph4y1VqKV/auFA8voSh580g=; b=xM7Hg01CzZt0qEGQllkkDqfrXqrGjdj27vnjnRb39heP3iBxH2KjvFgKuzVcU4neFmDBwq J/n3defoL0+xfvBV9MYCtFRTltEgPjfSku4XaGEJH/p8JAY6evraqgTnmHwbiX4j7/Hu5D Ere6rleyQ14C7kaebli/Ra2lBeOrcsXfxKlf+3fH17HZwYcBJtLHKeXxzpkJSOSOlvg1ba 7JzeLD8OEIDeEs/9BrUCwvQfpNriYy0mL9FT2gFCW7spwZ5aorXMv0rqMyWAWf/9DXLcip yqaaHMuuLctitYIMTbUfJy7NDhmMpBrVLhguWGBvFHj5M9tmHunLCYaoHivQqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755263913; a=rsa-sha256; cv=none; b=lWHzwB6OrbunSTiWT5GfICE/7hSENNE6ZmMgJcGQc3JoWiADFEYHoXeK3gUJEQyU1fAwXW +E1Ihvs7d5lrnKZP8ND0cwSIiSkKC/IB2XbGkgnMxYZfw5BDd7KvrH7kpLxiDBnKkvWqeN 91OViH45cMQAIZGpnBVIm63ioDDd9TCuBmFq2JQTTFNICVrVvxhUkAvuuvhODseGR1+Tr5 5SWaZLHIQK2O1lw6lDNi7I1onzrkiR/c/WAT4fiWbfY9BtcdTrDh51G+5cHZCYhoG87cAA aX6B70KIn1ebtGIwS44wqIfeZdTtZfk+SiciYpmH4aZJnZuCfdaiqBJjb1ofqg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4c3N3D5rLczgJD; Fri, 15 Aug 2025 13:18:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57FDIWul064631; Fri, 15 Aug 2025 13:18:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57FDIWfx064628; Fri, 15 Aug 2025 13:18:32 GMT (envelope-from git) Date: Fri, 15 Aug 2025 13:18:32 GMT Message-Id: <202508151318.57FDIWfx064628@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 207cf8773aa7 - main - Revert "ssh: sshd-session: properly save off the privileged gid" List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 207cf8773aa7600b340cf673d973add10d9031e5 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=207cf8773aa7600b340cf673d973add10d9031e5 commit 207cf8773aa7600b340cf673d973add10d9031e5 Author: Kyle Evans AuthorDate: 2025-08-15 13:17:58 +0000 Commit: Kyle Evans CommitDate: 2025-08-15 13:17:58 +0000 Revert "ssh: sshd-session: properly save off the privileged gid" This reverts commit 239e8c98636a7578cc67a6f9d54d14c71b095e36. Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]") --- crypto/openssh/uidswap.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 0143f4994611..6ed3024d0180 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -14,9 +14,6 @@ #include "includes.h" -#ifdef __FreeBSD__ -#include -#endif #include #include #include @@ -124,20 +121,8 @@ temporarily_use_uid(struct passwd *pw) fatal("setgroups: %.100s", strerror(errno)); #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ -#ifdef __FreeBSD__ - /* - * FreeBSD traditionally includes the egid as the first element. If we - * use getegid() here then we effectively propagate user_groups[0], - * which is probably pw->pw_gid. Fix it to work as intended by using - * the egid we already have stashed off. - */ - assert(saved_egroupslen > 0); - if (setgid(saved_egroups[0]) == -1) - debug("setgid %u: %.100s", (u_int) saved_egroups[0], strerror(errno)); -#else if (setgid(getegid()) == -1) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); -#endif /* Propagate the privileged uid to all of our uids. */ if (setuid(geteuid()) == -1) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));