Comment by calmbonsai

7 days ago

Do not do this. There are many, many excellent long-standing security and "web control plane isolation" reasons browsers are not permitted generic socket permissions.

The closest mechanical analog that comes to mind is why 3-wheeled ATVs are a bad idea.

I think it's okay as long as:

  - sockets are blocked by default, until they are added to an allow-list explicitly on the server side
  - True sudo awareness ensures root sockets aren't reachable without the sudo password. (This capability is important, because otherwise you create an incentive for people to run root backends with user-accessible sockets.)

More here: https://outerloop.sh/security/