The experimental 'Project Gemini' [https://gemini.circumlunar.space/] has a
few servers written in Go, and one in particular
[https://tildegit.org/solderpunk/molly-brown] makes this claim:

> It is very important to be aware that programs written in Go are unable to
> reliably change their UID once started, due to how goroutines are
> implemented on unix systems. As an unavoidable consequence of this, CGI
> processes started by Molly Brown are run as the same user as the server
> process.


Surely this is not true? This claim seems to suggest a big security issue
that I would hope can be refuted by Go experts -- perhaps the maintainers
of the molly-brown project could be guided to a solution so this
scary claim could be removed.

I wanted to try out the above server but am hesitant to do so given the
above ...

-R.
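
An added example, not part of the original post and not molly-brown's code: Go's `os/exec` accepts a `syscall.SysProcAttr` whose `Credential` is applied in the forked child before exec, so a CGI child can run under another account without the server changing its own UID. It assumes Linux and a server started with enough privilege to switch IDs (root or CAP_SETUID/CAP_SETGID); the helper name `cgiCommand`, the policy of refusing ID 0, and the sample UID/GID are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// cgiCommand builds (but does not start) a CGI child that is switched to
// uid/gid in the forked child before exec, so the server's own goroutines
// and threads never change identity.
// Hypothetical helper: name, parameters and policy are assumptions.
func cgiCommand(script string, uid, gid uint32, env []string) (*exec.Cmd, error) {
	if uid == 0 || gid == 0 {
		return nil, errors.New("refusing to run CGI as root")
	}
	if env == nil {
		env = []string{} // a nil Env would inherit the server's environment
	}
	cmd := exec.Command(script)
	cmd.Env = env
	cmd.Dir = "/"
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Credential: &syscall.Credential{
			Uid:    uid,
			Gid:    gid,
			Groups: []uint32{gid}, // replace the server's supplementary groups
		},
	}
	return cmd, nil
}

func main() {
	// Constructed sample values: 65534 is commonly "nobody"; adjust locally.
	cmd, err := cgiCommand("/usr/bin/id", 65534, 65534, []string{"GATEWAY_INTERFACE=CGI/1.1"})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	out, err := cmd.Output() // fails with EPERM if the parent may not switch IDs
	if err != nil {
		fmt.Fprintln(os.Stderr, "start failed:", err)
		os.Exit(1)
	}
	fmt.Printf("%s", out)
}
```

Run as an unprivileged user, the start fails rather than silently running the child under the server's account.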
