X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/6c69a6a9e68d7e363142f2bbb87ed33494871d5c..87809a1fb8c9a9de6304271b0ce8eb8df2db3189:/sshd.c

diff --git a/sshd.c b/sshd.c
index 18df8ab8..851fad4b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -530,6 +530,7 @@ static void
 privsep_preauth_child(void)
 {
 	u_int32_t rand[256];
+	gid_t gidset[2];
 	struct passwd *pw;
 	int i;
 
@@ -559,7 +560,17 @@ privsep_preauth_child(void)
 	/* Drop our privileges */
 	debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
+#if 0
+	/* XXX not ready, to heavy after chroot */
 	do_setusercontext(pw);
+#else
+	gidset[0] = pw->pw_gid;
+	if (setgid(pw->pw_gid) < 0)
+		fatal("setgid failed for %u", pw->pw_gid );
+	if (setgroups(1, gidset) < 0)
+		fatal("setgroups: %.100s", strerror(errno));
+	permanently_set_uid(pw);
+#endif
 }
 
 static Authctxt*