Merge pull request #97 from ebiggers/privileges_fix

security: drop and regain privileges in all threads
author: Joseph Richey <joerichey@google.com> 2018-04-19 11:14:12 -0700
committer: GitHub <noreply@github.com> 2018-04-19 11:14:12 -0700
commit: 3e32282af2f62829c711593a670e5d893df45196 (patch)
tree: a201198a2f48222b2613d301b7ba6bb0e492d41e /pam
parent: 6c4ba88620db97ab90736595ede937f3610f161d (diff)
parent: aa88bf4527cced6e3e16ca3e5ae07076cc8217f0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pam/pam.go b/pam/pam.go
index 0c2262e..ba254c8 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -140,14 +140,14 @@ func (h *Handle) StartAsPamUser() error {
 	if _, err := security.UserKeyringID(h.PamUser, true); err != nil {
 		log.Printf("Setting up keyrings in PAM: %v", err)
 	}
-	return security.SetThreadPrivileges(h.PamUser)
+	return security.SetProcessPrivileges(h.PamUser)
 }
 
 // StopAsPamUser restores the original privileges that were running the
 // PAM module (this is usually root). As this error is often ignored in a defer
 // statement, any error is also logged.
 func (h *Handle) StopAsPamUser() error {
-	err := security.SetThreadPrivileges(h.OrigUser)
+	err := security.SetProcessPrivileges(h.OrigUser)
 	if err != nil {
 		log.Print(err)
 	}
author	Joseph Richey <joerichey@google.com>	2018-04-19 11:14:12 -0700
committer	GitHub <noreply@github.com>	2018-04-19 11:14:12 -0700
commit	3e32282af2f62829c711593a670e5d893df45196 (patch)
tree	a201198a2f48222b2613d301b7ba6bb0e492d41e /pam
parent	6c4ba88620db97ab90736595ede937f3610f161d (diff)
parent	aa88bf4527cced6e3e16ca3e5ae07076cc8217f0 (diff)