Module security


Functions

bind_unix_listener
Bind a UnixListener with TOCTOU-safe stale socket handling and 0600 permissions.
checked_dup
dup(2) that returns an OwnedFd or an error (instead of silently returning -1).
clamp_winsize
Clamp window-size values to a sane range, preventing zero-sized or absurdly large values.
secure_create_dir_all
Create a directory hierarchy with mode 0700, validating ownership of existing components. Trusted system roots (/, /tmp, /run, $XDG_RUNTIME_DIR) are accepted without ownership checks. All other existing directories must be owned by the current user and must not be symlinks.
verify_peer_uid
Verify that the peer on a Unix stream has the same UID as the current process.