NOTE TO ALL PERSPECTIVE WHISTLE BLOWERS
EVEN THE ANNOYING ONES THAT HAVE A LONG
ESTABLISHED HISTORY OF BEING JERKS:
YOU CAN REACH EVAN VIA SIGNAL
281.901.0011.
OLIVE BRANCH, ETC.
I know my fame and legendary repute may lead one to believe otherwise, but I hate drama. I probably hate drama more than anyone else on the planet. We should _just_ focus on the facts when I post. And on the facts, I know for certain that we're always on the same page and in agreement, so long as you're right. And you're normally right.
You can't be the best troll, if you never troll: I never troll, ever. But other than that. Luigi's acct wasn't renamed by a community mod, from Zoe and as quoted in the article
> I can confirm SE, Inc. were the ones to clear his name. A reason was not specified anywhere obvious. Mods have been given explicit instructions not to touch that profile. While this particular incident may be limited to SO, the implications of this affect the entire network
It's not clear why the request parser would have to be trusted. I assume you're just speaking about the call to execve running in context? That's not much of a request parser. At the point that you tell `run0` to launch a shell, you're not calling the actual commands to the shell the request parser, right?
I also think the notion of an untrusted client is kind of a hashed out thing. As said in the post itself, `run0` is an interface to `systemd-run`. `systemd-run` as a client may be more _involved_ but it doesn't seem like that has any relevance to whether or not it's more secure. It's a separate layer for the insecurity. While sudo is a single process, if it was two processes it wouldn't all have to run as root. That by necessity means something that was previously running as root isn't, which makes it more secure -- not less, right?
The actual elevator process is systemd itself which already runs as init on every machine you'll have `run0`. But by nature it's always the top of the process tree, it seems like it's _less_ complex to have systemd-init the immediate parent process. There are fewer thing that can leak into or be inherited by the spawned process.
I also don't understand your argument on simplicity. You make mention in multiple points about "await". You don't like it. We get it. In what way is it not simple? And how does it follow that Go is more simple (using the same definition).