Go Web Server: Securely release privileges after binding of privileged ports

Posted on 2025-03-13

How Can I Securely Drop Privileges After Binding to Privileged Ports in a Go Web Server?

Dropping Privileges in Go (v1.7)

A custom web server written in Go often needs to bind to a privileged port such as port 80. For security, it is crucial to drop root privileges once the port is bound. This article explores the issue of dropping privileges in Go and provides a solution.

In earlier versions of Go, calling syscall.Setuid() to drop privileges would return "Not supported." As an alternative, one could redirect port 80 to a non-privileged port using iptables. However, this opens a security hole: because the redirect target is a non-privileged port, a non-root process can bind it and impersonate the web server.

The solution lies in combining Go's networking and system call capabilities. After opening the privileged port and checking the current UID, we look up the desired user, obtain their UID and GID, and set both using the glibc functions setgid() and setuid(). This code must run immediately after binding the port, but before calling http.Serve.

The provided code snippet demonstrates this approach. It first loads necessary TLS certificates and listens on a privileged port. If the application is running as root, it downgrades to a specified user by setting the UID and GID using glibc calls. Subsequently, it listens for incoming requests and serves the web content.
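The bind, drop, serve sequence as an added example (not the article's own snippet). It assumes Go 1.16 or later on Linux, where syscall.Setgroups, syscall.Setgid and syscall.Setuid apply to every thread, and uses them in place of the glibc calls via cgo described above. The names idOps, realOps and dropPrivileges and the UID/GID 65534 are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"syscall"
)

// idOps wraps the identity calls so the ordering can be tested with fakes.
// realOps assumes Go 1.16+ on Linux, where they apply to every thread.
type idOps struct {
	getuid         func() int
	setgroups      func([]int) error
	setgid, setuid func(int) error
}

var realOps = idOps{syscall.Getuid, syscall.Setgroups, syscall.Setgid, syscall.Setuid}

// dropPrivileges switches a root process to uid/gid and checks it is permanent.
func dropPrivileges(ops idOps, uid, gid int) error {
	if ops.getuid() != 0 {
		return nil // not root, nothing to drop
	}
	// Groups and GID first: once the UID is no longer 0 these calls would fail.
	if err := ops.setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := ops.setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := ops.setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	if ops.setuid(0) == nil { // regaining root must fail after the drop
		return fmt.Errorf("privilege drop is reversible: setuid(0) succeeded")
	}
	return nil
}

func main() {
	ln, err := net.Listen("tcp", ":80") // bind while still root
	if err == nil {
		err = dropPrivileges(realOps, 65534, 65534) // assumed "nobody" IDs
	}
	if err == nil {
		err = http.Serve(ln, http.NotFoundHandler()) // runs unprivileged
	}
	panic(err)
}
```

The final setuid(0) probe also catches a misconfigured target UID of 0, since the attempt to regain root would then succeed.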

This solution effectively addresses the need for dropping privileges in Go applications. It allows for the creation of secure and robust custom web servers without compromising security.
