The branch main has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=207cf8773aa7600b340cf673d973add10d9031e5
commit 207cf8773aa7600b340cf673d973add10d9031e5
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-08-15 13:17:58 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-08-15 13:17:58 +0000
Revert "ssh: sshd-session: properly save off the privileged gid"
This reverts commit 239e8c98636a7578cc67a6f9d54d14c71b095e36.
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]")
---
crypto/openssh/uidswap.c | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c
index 0143f4994611..6ed3024d0180 100644
--- a/crypto/openssh/uidswap.c
+++ b/crypto/openssh/uidswap.c
@@ -14,9 +14,6 @@
#include "includes.h"
-#ifdef __FreeBSD__
-#include <assert.h>
-#endif
#include <errno.h>
#include <pwd.h>
#include <string.h>
@@ -124,20 +121,8 @@ temporarily_use_uid(struct passwd *pw)
fatal("setgroups: %.100s", strerror(errno));
#ifndef SAVED_IDS_WORK_WITH_SETEUID
/* Propagate the privileged gid to all of our gids. */
-#ifdef __FreeBSD__
- /*
- * FreeBSD traditionally includes the egid as the first element. If we
- * use getegid() here then we effectively propagate user_groups[0],
- * which is probably pw->pw_gid. Fix it to work as intended by using
- * the egid we already have stashed off.
- */
- assert(saved_egroupslen > 0);
- if (setgid(saved_egroups[0]) == -1)
- debug("setgid %u: %.100s", (u_int) saved_egroups[0],
strerror(errno));
-#else
if (setgid(getegid()) == -1)
debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
-#endif
/* Propagate the privileged uid to all of our uids. */
if (setuid(geteuid()) == -1)
debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
