From d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225 Mon Sep 17 00:00:00 2001
From: Joseph Richey <joerichey94@gmail.com>
Date: Fri, 1 Sep 2017 00:50:42 -0700
Subject: security: No more permenant privilege dropping

This was creating an issue becasuse fully dropping privileges required
spawning a goroutine and using rutime.DropOSThread().
---
 pam/pam.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pam/pam.go')

diff --git a/pam/pam.go b/pam/pam.go
index 657e9fb..998772c 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -134,14 +134,14 @@ func (h *Handle) StartAsPamUser() error {
 	if err := security.KeyringsSetup(h.PamUser, h.OrigUser); err != nil {
 		return err
 	}
-	return security.SetThreadPrivileges(h.PamUser, false)
+	return security.SetThreadPrivileges(h.PamUser)
 }
 
 // StopAsPamUser restores the original privileges that were running the
 // PAM module (this is usually root). As this error is often ignored in a defer
 // statement, any error is also logged.
 func (h *Handle) StopAsPamUser() error {
-	err := security.SetThreadPrivileges(h.OrigUser, false)
+	err := security.SetThreadPrivileges(h.OrigUser)
 	if err != nil {
 		log.Print(err)
 	}
-- 
cgit v1.2.3