From a6f541d58da637344c2b7899fa96283714950dff Mon Sep 17 00:00:00 2001 From: dtucker Date: Wed, 24 Jun 2015 01:49:19 +0000 Subject: [PATCH] Revert previous commit. We still want to call setgroups in the case where there are zero groups to remove any that we might otherwise inherit (as pointed out by grawity at gmail.com) and since the 2nd argument to setgroups is always a static global it's always valid to dereference in this case. ok deraadt@ djm@ --- usr.bin/ssh/uidswap.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index ed09f5a9611..01f68775cf1 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.38 2015/06/22 12:29:57 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.39 2015/06/24 01:49:19 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -76,7 +76,7 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); } /* Set the effective uid to the given (unprivileged) uid. */ - if (user_groupslen > 0 && setgroups(user_groupslen, user_groups) < 0) + if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, @@ -103,8 +103,7 @@ restore_uid(void) /* Set the effective uid back to the saved privileged uid. */ if (seteuid(saved_euid) < 0) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (saved_egroupslen > 0 && - setgroups(saved_egroupslen, saved_egroups) < 0) + if (setgroups(saved_egroupslen, saved_egroups) < 0) fatal("setgroups: %.100s", strerror(errno)); if (setegid(saved_egid) < 0) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); -- 2.20.1