From nobody Sat Aug 09 16:02:34 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bzlzG4yCjz64Ydj; Sat, 09 Aug 2025 16:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bzlzG1swDz3c8v; Sat, 09 Aug 2025 16:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754755354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wsGcDiMNvfDnASLtyeDdTMVtrRLPmPFMXDbFg+n0piA=; b=JsbN0f1wZ40N/jL4/Aux3mBN96WRxSuJTGgH1uPlXDQKCFTWQ/NwUAdrCHcXHz8Nm7Swbo h5sdPvejYMNVpnD1x3SJ7pWs0gHK0GajFmkwnZqw6uv6gjRGOywy3GXaT0f2DFI+YTrb/H nzePxLkbpP/B5Kpemww9aRbnNTrxQy05P6hZCUlk2d9KiOS3uxC+Jx6LJ5aGIy0E4QY0aK w//zjCPicRAX1dVKlPQ8Ru9S3RV/Q0bzZdbKltaE2BUVrDVXTWvCIz1Ca5q1lAnX2OrUqZ AJdZriZB7LCZvm+I/TYkcIgmQN1LGg491cTjE4XA+j/hrqe3yNdpiej3TFdHfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754755354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wsGcDiMNvfDnASLtyeDdTMVtrRLPmPFMXDbFg+n0piA=; b=ILfbFPfbq+To382NIS/VQm+aND78KQIZY+bSR0DC8LfEduqan2hljIKKoGpho8KZWbMZGM 5dFaXZsQ1E+FxKcrckUDp+pZBmjMjlTCD55x4/elAg7XAgHRKvk8KbIr8FggQw8MHCgn1c wEb00xGB4F+uuLnRI1u6jxJ60Z9dw7XemY16tgvR1cBeaRK/NppeVsXzBH+Aau51bRQW9l 3q3PZyRZ+XkGMgv2Cq5RZE+8q1kB483u9zLo9W6+T/6vziEJtrE1/uMtNgjQp5QnUedBaK EEJAOKAZ7OwP2ZJhtp6Sv18UV7HwyqCgHaXWC/RCV6J7nECtYE/5BozIMIRmFA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754755354; a=rsa-sha256; cv=none; b=izC3VNaKIfZ5cAKYqBidnJZnG4TcrAbzKKw/q9sGOpFLqy7OaE0EDzDqeE4yPszx+Q+Oj4 3ZYMnGqIHCaR/jgfmFk3TcMoeZpE43bjtvgOl94whvygxhsIr/tcjFVHlmzTD0Qfy8F45B 8l37fz2hi43qm75CB97IPZvUBtVIQN/mR/K3PPOe9B48b8RBrP6c7Klw22a5DI3iC8ruM1 ggAQ+R2PRezAumeP/WRA+G3LRmR3w8TYuA4XZNIKQAWDaLzzSNmghNG5s74o9j3GPzKP7K pSnuqwx1eh2864x85cq2U+ITZTxsnETp0KZ++KH8YlpSPXGw3cpA/9NiDsO+Kw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bzlzG191hzCF0; Sat, 09 Aug 2025 16:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 579G2Y6F016155; Sat, 9 Aug 2025 16:02:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 579G2YuR016152; Sat, 9 Aug 2025 16:02:34 GMT (envelope-from git) Date: Sat, 9 Aug 2025 16:02:34 GMT Message-Id: <202508091602.579G2YuR016152@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 239e8c98636a - main - ssh: sshd-session: properly save off the privileged gid List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 239e8c98636a7578cc67a6f9d54d14c71b095e36 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=239e8c98636a7578cc67a6f9d54d14c71b095e36 commit 239e8c98636a7578cc67a6f9d54d14c71b095e36 Author: Kyle Evans AuthorDate: 2025-08-09 16:01:57 +0000 Commit: Kyle Evans CommitDate: 2025-08-09 16:01:57 +0000 ssh: sshd-session: properly save off the privileged gid Current and traditional FreeBSD behavior means that getegid() here is the first element in the prior setgroups() call, if any, so we may inadvertently wipe out our rgid with the unprivileged gid. This is rendered somewhat harmless by the fact that we're losing the privileged gid -- we'll still regain it as the egid in restore_uid() later by way of restoring saved_egroups, rather than by intentionally restoring it from getgid(). This will be promptly reverted if we can get setgroups(2)/getgroups(2) changed in FreeBSD 15.0, but it seemed wise to get this technically correct for previous branches. Reviewed by: jlduran Differential Revision: https://reviews.freebsd.org/D51753 --- crypto/openssh/uidswap.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 6ed3024d0180..0143f4994611 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -14,6 +14,9 @@ #include "includes.h" +#ifdef __FreeBSD__ +#include +#endif #include #include #include @@ -121,8 +124,20 @@ temporarily_use_uid(struct passwd *pw) fatal("setgroups: %.100s", strerror(errno)); #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ +#ifdef __FreeBSD__ + /* + * FreeBSD traditionally includes the egid as the first element. If we + * use getegid() here then we effectively propagate user_groups[0], + * which is probably pw->pw_gid. Fix it to work as intended by using + * the egid we already have stashed off. + */ + assert(saved_egroupslen > 0); + if (setgid(saved_egroups[0]) == -1) + debug("setgid %u: %.100s", (u_int) saved_egroups[0], strerror(errno)); +#else if (setgid(getegid()) == -1) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); +#endif /* Propagate the privileged uid to all of our uids. */ if (setuid(geteuid()) == -1) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));