commit fe5ddf0305d25e709a13458eb3a8f07ad459f5a3
Author: John Arbash Meinel
Date: Fri May 5 14:06:21 2017 -0400
Minimal fix for bug #1682411. Set umask appropriately so that others can't access the socket.
diff --git a/juju/sockets/sockets_nix.go b/juju/sockets/sockets_nix.go
index 0a8fe79907..c4cf299a49 100644
--- a/juju/sockets/sockets_nix.go
+++ b/juju/sockets/sockets_nix.go
@@ -6,6 +6,7 @@ import (
 "net"
 "net/rpc"
 "os"
+ "syscall"
 )
 
 func Dial(socketPath string) (*rpc.Client, error) {
@@ -17,6 +18,8 @@ func Listen(socketPath string) (net.Listener, error) {
 if err := os.Remove(socketPath); err != nil {
 logger.Tracef("ignoring error on removing %q: %v", socketPath, err)
 }
+ origMask := syscall.Umask(0077)
+ defer syscall.Umask(origMask)
 listener, err := net.Listen("unix", socketPath)
 if err != nil {
 logger.Errorf("failed to listen on unix:%s: %v", socketPath, err)
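Review bot: The `syscall.Umask(0077)` / `defer syscall.Umask(origMask)` pair in `Listen` changes process-wide state, so two concurrent `Listen` calls can interleave: one caller's deferred restore can put the old mask back before the other has reached `net.Listen`, leaving that socket accessible to other users again, or the process can end up stuck at 0077. Serialising the section with a package-level mutex closes that window: `umaskMu.Lock()` and `defer umaskMu.Unlock()` placed before the `Umask` call, with `"sync"` added to the imports. Other goroutines that create files while the mask is 0077 are still affected, and because the restore is deferred the mask stays tight for the rest of `Listen`, whose body continues outside the hunk; restoring right after `net.Listen` returns would shorten that. Creating the socket inside a directory that is already mode 0700 would avoid touching the umask at all.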