author | dtucker@openbsd.org <dtucker@openbsd.org> | 2018-07-18 13:34:04 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-19 13:41:42 +0200 |
commit | 258dc8bb07dfb35a46e52b0822a2c5b7027df60a (patch) | |
tree | 0076c7e0f10f5f525efbd9f7499e5707203b743f /uidswap.c | |
parent | upstream: Slot 0 in the hostbased key array was previously RSA1, (diff) | |
upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidswap.c into ssh any more. Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@
OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
Diffstat (limited to 'uidswap.c')
-rw-r--r-- | uidswap.c | 33 |
1 files changed, 1 insertions, 32 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.40 2018/06/15 07:01:11 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -135,37 +135,6 @@ temporarily_use_uid(struct passwd *pw)
 strerror(errno));
 }
 
-void
-permanently_drop_suid(uid_t uid)
-{
-#ifndef NO_UID_RESTORATION_TEST
- uid_t old_uid = getuid();
-#endif
-
- debug("permanently_drop_suid: %u", (u_int)uid);
- if (setresuid(uid, uid, uid) < 0)
- fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-
-#ifndef NO_UID_RESTORATION_TEST
- /*
- * Try restoration of UID if changed (test clearing of saved uid).
- *
- * Note that we don't do this on Cygwin, or on Solaris-based platforms
- * where fine-grained privileges are available (the user might be
- * deliberately allowed the right to setuid back to root).
- */
- if (old_uid != uid &&
- (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
- fatal("%s: was able to restore old [e]uid", __func__);
-#endif
-
- /* Verify UID drop was successful */
- if (getuid() != uid || geteuid() != uid) {
- fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
- __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid);
- }
-}
-
 /*
 * Restores to the original (privileged) uid.
 */ |