Comment 20 for bug 1682411

FWIW this fix still leaves a race that is potentially exploitable - if you can either force the agent to restart (or know that it will restart), you just have to continuously open the socket and if you land between the net.Listen and os.Chmod calls, you still have root. This may be acceptable, but it does not fully resolve the issue.

A more correct fix is to restrict access by changing/restricting permissions on the directory containing the socket so that the socket is never accessible. The other (more complex) alternative is to open the socket manually with the correct mode.