Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Aug 2025 13:18:32 GMT
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 207cf8773aa7 - main - Revert "ssh: sshd-session: properly save off the privileged gid"
Message-ID:  <202508151318.57FDIWfx064628@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=207cf8773aa7600b340cf673d973add10d9031e5

commit 207cf8773aa7600b340cf673d973add10d9031e5
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-08-15 13:17:58 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-08-15 13:17:58 +0000

    Revert "ssh: sshd-session: properly save off the privileged gid"
    
    This reverts commit 239e8c98636a7578cc67a6f9d54d14c71b095e36.
    
    Fixes:  9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]")
---
 crypto/openssh/uidswap.c | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c
index 0143f4994611..6ed3024d0180 100644
--- a/crypto/openssh/uidswap.c
+++ b/crypto/openssh/uidswap.c
@@ -14,9 +14,6 @@
 
 #include "includes.h"
 
-#ifdef __FreeBSD__
-#include <assert.h>
-#endif
 #include <errno.h>
 #include <pwd.h>
 #include <string.h>
@@ -124,20 +121,8 @@ temporarily_use_uid(struct passwd *pw)
 		fatal("setgroups: %.100s", strerror(errno));
 #ifndef SAVED_IDS_WORK_WITH_SETEUID
 	/* Propagate the privileged gid to all of our gids. */
-#ifdef __FreeBSD__
-	/*
-	 * FreeBSD traditionally includes the egid as the first element.  If we
-	 * use getegid() here then we effectively propagate user_groups[0],
-	 * which is probably pw->pw_gid.  Fix it to work as intended by using
-	 * the egid we already have stashed off.
-	 */
-	assert(saved_egroupslen > 0);
-	if (setgid(saved_egroups[0]) == -1)
-		debug("setgid %u: %.100s", (u_int) saved_egroups[0], strerror(errno));
-#else
 	if (setgid(getegid()) == -1)
 		debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
-#endif
 	/* Propagate the privileged uid to all of our uids. */
 	if (setuid(geteuid()) == -1)
 		debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202508151318.57FDIWfx064628>