Privilege Separation In Go

UD2.120 (Chavanne) | Day 1 | 12:00 - 12:30 | Speakers: Alvar Penning


Notes

Abstract

Most computer programs run with far more privileges than necessary. Many techniques have been developed to drop privileges and split applications into multiple components, each of which can run with the least amount of privileges necessary to do its job. This can greatly reduce the impact of security bugs, as the affected component will hopefully no longer have the rights to spawn other processes or even access files. Relatively small architectural changes can result in huge security gains.

Most privilege-separated daemons out there are written in C. However, it is also possible to do this in Go, as this talk will show with almost copy-pasteable examples targeting POSIX-like operating systems.


Both the interactive slides and demo code are available in

- the following repository, https://codeberg.org/oxzi/go-privsep-showcase,
- this blog post, https://log.0x21.biz/posts/go-privdrop/, and
- this future blog post, https://log.0x21.biz/posts/go-privsep/, which I have to finalize (will be released soon, I promise).

Speakers

Alvar Penning
