Comment by mrcslws
7 days ago
I think it's okay as long as:
- sockets are blocked by default, until they are added to an allow-list explicitly on the server side
- True sudo awareness ensures root sockets aren't reachable without the sudo password. (This capability is important, because otherwise you create an incentive for people to run root backends with user-accessible sockets.)
More here: https://outerloop.sh/security/
There’s no such thing as a root socket. Stop using that phrase.