From 961cb65d693c36d7811b15a2023a35b9c5413044 Mon Sep 17 00:00:00 2001
From: "R. Steve McKown" <rsmckown@gmail.com>
Date: Sun, 23 Sep 2012 20:52:58 -0600
Subject: [PATCH] Ensure non-repo ssh commands run as connecting user.

---
 repo_shell.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/repo_shell.c b/repo_shell.c
index 1b06ec3..ecce7d3 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -348,8 +348,10 @@ int main(int argc, char **argv)
 		return 0;
 	}
 
-	if (argc == 1 && check_ssh_interactive(getuid()))
+	if (argc == 1 && check_ssh_interactive(getuid())) {
+		setuid(getuid());
 		execvp(shell_argv[0], (char *const *) shell_argv);
+        }
 
 #ifdef USE_DEFAULTS
 	ini_parse("repo_shell.cfg", handler, &cfg);
@@ -388,6 +390,7 @@ int main(int argc, char **argv)
 	if (!check_ssh_interactive(getuid()))
 		die("only repository access is allowed");
 
+	setuid(getuid());
 	cd_to_homedir();
 	count = split_cmdline(prog, &user_argv);
 	if (count >= 0) {
-- 
2.39.2