Stefan Monnier wrote:
> /run is not an option for non-root users, I believe.
It works for me on Ubuntu 18.04.1 and seems to be used for this sort of thing:
There is no /run on macOS, and I'm pretty sure at least OpenBSD have rejected the idea.
Would not a better choice be to locate the socket at ${HOME}/.emacs.d/${something} instead? That avoids the need to make it globally accessible in the first place.
I'd also note that root can bypass file permissions, and it isn't exactly a complex protocol to implement ... but also that root can simply change userid to the appropriate value at will, and access it, should they wish.
At heart, I don't think this is really a security issue, so much as that root is the ultimate force for bypassing all protection in the Unix world. Without going to something akin to SELinux, or some similar MAC system, there isn't any way to prevent root accessing any socket, by design.
So, the very best case would be that emacsclient makes this check as a convenience to prevent surprises to the user, and would not materially improve the security of the system against users with root permissions.