by kcudrevelc
3448 days ago
> Under Linux, some SECCOMP initialization and capability dances having to do with dropping root and closing off privilege-escalation attacks as soon as possible after startup.

I was under the impression that these specific things were actually quite hard to do in Go. I believe that both setuid/setgid and seccomp_load change the current OS thread (only), and since Go multiplexes across multiple threads and gives programmers very little control over which ones are used for what goroutines, I'm not sure how you would, for example, apply a seccomp context across all threads in a Go program. setuid/setgid are currently unsupported for this reason, with the best method being "start a subprocess and pass it file descriptors" (https://github.com/golang/go/issues/1435). I'd be interested to hear if others have found ways to actually do this reliably for all OS threads underlying a running Go process.
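One way to check the per-thread concern raised above, added here as an example and not part of any comment in this thread: on Linux, each OS thread has its own `/proc/self/task/<tid>/status` with `Uid`, `Gid`, `NoNewPrivs` and `Seccomp` fields, so a Go process can audit whether a privilege drop or filter reached every thread. The names `threadState`, `parseStatus` and `divergent`, and the policy that all threads must match the main thread, are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// threadState holds the /proc/<pid>/task/<tid>/status fields a privilege drop should change.
type threadState struct{ UIDs, GIDs, NoNewPrivs, Seccomp string }

// parseStatus extracts those fields from the text of one status file.
func parseStatus(text string) threadState {
	var s threadState
	fields := map[string]*string{"Uid": &s.UIDs, "Gid": &s.GIDs, "NoNewPrivs": &s.NoNewPrivs, "Seccomp": &s.Seccomp}
	for _, line := range strings.Split(text, "\n") {
		key, val, _ := strings.Cut(line, ":")
		if dst, ok := fields[key]; ok {
			*dst = strings.Join(strings.Fields(val), " ") // collapse tabs
		}
	}
	return s
}

// divergent returns the sorted IDs of threads whose state differs from want.
func divergent(threads map[string]threadState, want threadState) []string {
	var bad []string
	for tid, st := range threads {
		if st != want {
			bad = append(bad, tid)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	paths, _ := filepath.Glob("/proc/self/task/*/status")
	threads := map[string]threadState{}
	for _, p := range paths {
		if b, err := os.ReadFile(p); err == nil {
			threads[filepath.Base(filepath.Dir(p))] = parseStatus(string(b))
		}
	}
	// Assumed policy: every thread must match the main thread (TID == PID).
	want := threads[fmt.Sprint(os.Getpid())]
	fmt.Println("threads:", len(threads), "divergent:", divergent(threads, want))
}
```

A non-empty divergent list after the drop means at least one thread still carries the old credentials or runs without the filter.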
Switched to Rust and there was only one hidden system call left, getrandom, used to initialize the hashmap