===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/uidswap.c,v
retrieving revision 1.16.2.3
retrieving revision 1.17
diff -u -r1.16.2.3 -r1.17
--- src/usr.bin/ssh/uidswap.c 2002/06/02 22:56:11 1.16.2.3
+++ src/usr.bin/ssh/uidswap.c 2001/08/08 18:20:15 1.17
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.16.2.3 2002/06/02 22:56:11 miod Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.17 2001/08/08 18:20:15 markus Exp $");
 #include "log.h"
 #include "uidswap.h"
@@ -54,8 +54,8 @@
 }
 privileged = 1;
 temporarily_use_uid_effective = 1;
- saved_egid = getegid();
- saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
+ saved_egid = getegid();
+ saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
 if (saved_egroupslen < 0)
 fatal("getgroups: %.100s", strerror(errno));
@@ -64,13 +64,14 @@
 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno));
- user_groupslen = getgroups(NGROUPS_MAX, user_groups);
+ user_groupslen = getgroups(NGROUPS_MAX, user_groups);
 if (user_groupslen < 0)
 fatal("getgroups: %.100s", strerror(errno));
 }
 /* Set the effective uid to the given (unprivileged) uid. */
 if (setgroups(user_groupslen, user_groups) < 0)
 fatal("setgroups: %.100s", strerror(errno));
+ pw->pw_gid = pw->pw_gid;
 if (setegid(pw->pw_gid) < 0)
 fatal("setegid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
@@ -108,6 +109,9 @@
 void
 permanently_set_uid(struct passwd *pw)
 {
+ /* it's a no-op unless privileged */
+ if (!privileged)
+ return;
 if (temporarily_use_uid_effective)
 fatal("restore_uid: temporarily_use_uid effective");
 if (setgid(pw->pw_gid) < 0)
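Review bot: In the `@@ -64,13 +64,14 @@` hunk, the added `pw->pw_gid = pw->pw_gid;` just before `setegid(pw->pw_gid)` assigns the field to itself and has no effect. In a privilege-switching path an unexplained statement like this is easy to misread as a gid adjustment that the following `setegid()` depends on. Either delete the line, or, if it stands in for a platform-specific translation, mark it with a comment such as `/* placeholder: gid needs no translation on this platform */`. The enclosing function begins and ends outside the hunk.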
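Review bot: In the `@@ -108,6 +109,9 @@` hunk, the new early return makes the permanent privilege drop in `permanently_set_uid()` depend on the `privileged` flag, which in the visible lines is only set to 1 inside the temporary-swap path (the `@@ -54,8 +54,8 @@` hunk). If a process running as root reaches this function before that path has run, the flag is presumably still 0 and the function returns without calling `setgid()` or anything after it, keeping its privileges without any log entry. The flag's declaration and initial value are outside the diff, so this needs confirming. Deciding from the process's real credentials, for example `if (getuid() != 0 && geteuid() != 0) return;`, would remove the dependency on call order, and a `debug("permanently_set_uid: not privileged, skipping");` before the return would make a skipped drop visible. The function body continues past the end of the hunk.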