💾 Archived View for rawtext.club › ~sloum › geminilist › 000598.gmi captured on 2020-09-24 at 02:27:34. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Steve Ryan stryan at saintnet.tech
Thu May 14 16:26:23 BST 2020
- - - - - - - - - - - - - - - - - - -
```
On 20/05/14 03:08PM, solderpunk wrote:
> I'm frankly baffled that a language with Ken Thompson and Rob Pike as
> designers, created specifically to help Google engineers write server
> software, could turn out to be so terrible for...writing servers on
> unix. I can only imagine this has happened because nobody at Google
> would ever do something so terribly mundane and non-scalable as fork
> off an entire whole new process on the same machine to generate some
> content. Probably there'd be ten layers of containers and proxying and
> reverse-proxying and other Cloudian faff keeping the content-generating
> processes separated from the server processes so that uids were a quaint
> and irrelevant consideration.
>
> (if any Go wizards have recently joined the list and can correct me on
> any of the above I'd be thrilled)
>

As an FYI, there is a proposed patch[0] to add proper setuid dropping
for Golang. It's not through yet but is in review and testing stage.
Hopefully it'll make it in for 1.15.

Otherwise you're correct; all-thread setuid is done either through raw
syscalls and process forking wizardry, syscalls, wrapper programs, etc.

For my (also Golang) server SecretShop I've been handling it through the
systemd unit file. A bit messy, but I'm also not explicitly supporting
multi-user deployments.

-Steve

[0] https://go-review.googlesource.com/c/go/+/210639
```
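
The unit-file approach mentioned in the message above, sketched as an added example (not part of the original post and not SecretShop's actual unit file). The service name, the gemini user and group, and all paths are hypothetical.

```ini
# /etc/systemd/system/gemini-server.service  (hypothetical name and paths)
[Unit]
Description=Gemini server started as an unprivileged user (example)
After=network.target

[Service]
# systemd switches uid/gid before exec'ing the binary, so every thread of
# the Go runtime starts unprivileged and the server never calls setuid.
# Without User=/Group= a system service runs as root.
User=gemini
Group=gemini
ExecStart=/usr/local/bin/gemini-server

# Gemini's default port 1965 is above 1024, so no CAP_NET_BIND_SERVICE is
# needed; an empty bounding set removes all capabilities.
CapabilityBoundingSet=
# Block regaining privileges through setuid binaries, including any
# helper or CGI program the server executes.
NoNewPrivileges=yes
RestrictSUIDSGID=yes

# Filesystem is read-only for the service except its own state directory.
# The TLS key and content directory must be readable by the gemini user.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/var/lib/gemini-server

[Install]
WantedBy=multi-user.target
```

Everything the server spawns runs as the same service user, so this gives no per-user separation between content-generating processes, which matches the single-user deployment described in the message.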