The bigger problem is that in go you can not do privilege revocation. And althou... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mioelnir on May 22, 2016 | parent | context | favorite | on: Achieving a Perfect SSL Labs Score with Go

The bigger problem is that in go you can not do privilege revocation. And although unprivileged binding <=1023 has been a solved problem for well over a decade, most people still consider it a dark art.

So they go for a reverse proxy, more often than not, just to get the 80/443 binding.

frou_dh on May 22, 2016 [–]

Is setcap(8) the informed thing to be using on Linux?

mioelnir on May 23, 2016 | [–]

Yes, and it works good with Go since you have static executables so you do not have to set the capability on an interpreter. But you have to reapply it after every upgrade, which is easy enough to automate. That said, I mostly use mac_portacl on FreeBSD.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact