seteuid and setegid; markus ok

2 files changed, 9 insertions, 3 deletions

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 5839276e34b..7fbceffffdc 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.266 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.267 2003/05/29 16:58:45 deraadt Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -555,8 +555,10 @@ privsep_preauth_child(void)
 	do_setusercontext(pw);
 #else
 	gidset[0] = pw->pw_gid;
+	if (setegid(pw->pw_gid) < 0)
+		fatal("setegid failed for %u", (u_int)pw->pw_gid);
 	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid failed for %u", (u_int)pw->pw_gid );
+		fatal("setgid failed for %u", (u_int)pw->pw_gid);
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c
index 791f368256d..de7dc9db7d1 100644
--- a/usr.bin/ssh/uidswap.c
+++ b/usr.bin/ssh/uidswap.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
 
 #include "log.h"
 #include "uidswap.h"
@@ -115,8 +115,12 @@ permanently_set_uid(struct passwd *pw)
 		fatal("permanently_set_uid: temporarily_use_uid effective");
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
+	if (setegid(pw->pw_gid) < 0)
+		fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 	if (setgid(pw->pw_gid) < 0)
 		fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 	if (setuid(pw->pw_uid) < 0)
 		fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 }