Comment 29 for bug 1682411

Seth Arnold (seth-arnold) wrote :

If it's possible that unknown other operations may be executing concurrently in the same process then probably a new directory should be created with restricted permissions that could be used for creating the socket, which would then be inaccessible to all processes without CAP_DAC_OVERRIDE and/or CAP_DAC_READ_SEARCH. Once the permissions are set correctly then the directory permissions could be widened.

I didn't find any reference to AF_UNIX on what appears to be the Windows socket(2) analog: https://msdn.microsoft.com/en-us/library/windows/desktop/ms740506(v=vs.85).aspx

Thanks
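The create-restricted-directory-then-widen sequence described in this comment, as an added Python example that is not code from the bug report; the socket path under a temporary directory and the final modes (0o660 for the socket, 0o755 for the directory) are assumptions chosen for illustration:

```python
import os
import socket
import stat
import tempfile


def create_private_socket(sock_path, final_sock_mode=0o660, final_dir_mode=0o755):
    """Bind an AF_UNIX socket so it is never reachable by other users
    with the wrong mode, even if another thread changes umask concurrently."""
    dir_path = os.path.dirname(sock_path)
    # 1. Create the directory owner-only. mkdir() fails if it already exists,
    #    so nobody can pre-create it; umask can only make 0o700 stricter.
    os.mkdir(dir_path, 0o700)
    # 2. Bind inside it. Whatever mode the socket gets from the process-wide
    #    umask, other users cannot traverse the 0o700 directory (only
    #    CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH holders could).
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    # 3. Fix the socket's own mode now that the inode exists.
    os.chmod(sock_path, final_sock_mode)
    # 4. Only now widen the directory so clients can reach the socket.
    os.chmod(dir_path, final_dir_mode)
    srv.listen(1)
    return srv


def socket_and_dir_modes(sock_path):
    """Return (is_socket, socket_mode, directory_mode) for checking the result."""
    st_sock = os.stat(sock_path)
    st_dir = os.stat(os.path.dirname(sock_path))
    return (stat.S_ISSOCK(st_sock.st_mode),
            stat.S_IMODE(st_sock.st_mode),
            stat.S_IMODE(st_dir.st_mode))


def demo():
    """Run the sequence under a fresh temporary directory (constructed path)."""
    base = tempfile.mkdtemp()
    sock_path = os.path.join(base, "priv", "app.sock")
    srv = create_private_socket(sock_path)
    try:
        return socket_and_dir_modes(sock_path)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```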