1 files changed, 2 insertions, 35 deletions
diff --git a/ssh.c b/ssh.c
index 609c209d1..49a9fab20 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -104,7 +104,6 @@
 #include "sshpty.h"
 #include "match.h"
 #include "msg.h"
-#include "uidswap.h"
 #include "version.h"
 #include "ssherr.h"
 #include "myproposal.h"
@@ -628,24 +627,6 @@ main(int ac, char **av)
        original_real_uid = getuid();
        original_effective_uid = geteuid();
-        /*
-         * Use uid-swapping to give up root privileges for the duration of
-         * option processing.  We will re-instantiate the rights when we are
-         * ready to create the privileged port, and will permanently drop
-         * them when the port has been created (actually, when the connection
-         * has been made, as we may need to create the port several times).
-         */
-        PRIV_END;
-#ifdef HAVE_SETRLIMIT
-        /* If we are installed setuid root be careful to not drop core. */
-        if (original_real_uid != original_effective_uid) {
-                struct rlimit rlim;
-                rlim.rlim_cur = rlim.rlim_max = 0;
-                if (setrlimit(RLIMIT_CORE, &rlim) < 0)
-                        fatal("setrlimit failed: %.100s", strerror(errno));
-        }
-#endif
        /* Get user data. */
        pw = getpwuid(original_real_uid);
        if (!pw) {
@@ -1448,22 +1429,8 @@ main(int ac, char **av)
                        L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
                }
        }
-        /*
-         * Get rid of any extra privileges that we may have.  We will no
-         * longer need them.  Also, extra privileges could make it very hard
-         * to read identity files and other non-world-readable files from the
-         * user's home directory if it happens to be on a NFS volume where
-         * root is mapped to nobody.
-         */
-        if (original_effective_uid == 0) {
-                PRIV_START;
-                permanently_set_uid(pw);
-        }
-        /*
+        /* Create ~/.ssh * directory if it doesn't already exist. */
-         * Now that we are back to our own permissions, create ~/.ssh
-         * directory if it doesn't already exist.
-         */
        if (config == NULL) {
                r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
                    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);

diff --git a/ssh.c b/ssh.c index 609c209d1..49a9fab20 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */	1	/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -104,7 +104,6 @@
104	#include "sshpty.h"	104	#include "sshpty.h"
105	#include "match.h"	105	#include "match.h"
106	#include "msg.h"	106	#include "msg.h"
107	#include "uidswap.h"
108	#include "version.h"	107	#include "version.h"
109	#include "ssherr.h"	108	#include "ssherr.h"
110	#include "myproposal.h"	109	#include "myproposal.h"
@@ -628,24 +627,6 @@ main(int ac, char **av)
628	original_real_uid = getuid();	627	original_real_uid = getuid();
629	original_effective_uid = geteuid();	628	original_effective_uid = geteuid();
630		629
631	/*
632	* Use uid-swapping to give up root privileges for the duration of
633	* option processing. We will re-instantiate the rights when we are
634	* ready to create the privileged port, and will permanently drop
635	* them when the port has been created (actually, when the connection
636	* has been made, as we may need to create the port several times).
637	*/
638	PRIV_END;
639
640	#ifdef HAVE_SETRLIMIT
641	/* If we are installed setuid root be careful to not drop core. */
642	if (original_real_uid != original_effective_uid) {
643	struct rlimit rlim;
644	rlim.rlim_cur = rlim.rlim_max = 0;
645	if (setrlimit(RLIMIT_CORE, &rlim) < 0)
646	fatal("setrlimit failed: %.100s", strerror(errno));
647	}
648	#endif
649	/* Get user data. */	630	/* Get user data. */
650	pw = getpwuid(original_real_uid);	631	pw = getpwuid(original_real_uid);
651	if (!pw) {	632	if (!pw) {
@@ -1448,22 +1429,8 @@ main(int ac, char **av)
1448	L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);	1429	L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
1449	}	1430	}
1450	}	1431	}
1451	/*
1452	* Get rid of any extra privileges that we may have. We will no
1453	* longer need them. Also, extra privileges could make it very hard
1454	* to read identity files and other non-world-readable files from the
1455	* user's home directory if it happens to be on a NFS volume where
1456	* root is mapped to nobody.
1457	*/
1458	if (original_effective_uid == 0) {
1459	PRIV_START;
1460	permanently_set_uid(pw);
1461	}
1462		1432
1463	/*	1433	/* Create ~/.ssh * directory if it doesn't already exist. */
1464	* Now that we are back to our own permissions, create ~/.ssh
1465	* directory if it doesn't already exist.
1466	*/
1467	if (config == NULL) {	1434	if (config == NULL) {
1468	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,	1435	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
1469	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);	1436	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);