New sessions briefly appear as attached due to socket permission race #8

@DonaldoDes

Description

When creating a session with atch start, the socket file is momentarily created with S_IXUSR set (mode 0755), then corrected to 0600 via chmod. During this window, atch list reads the stale permission and shows the session as [attached].

Reproduction

  1. atch start session1
  2. Immediately run atch list → session1 may show [attached] despite no client being connected

Root cause

In create_socket(), umask(077) is set before socket() but restored before bind(). With the default shell umask (022), bind() creates the socket file with mode 0755 (S_IXUSR present). The subsequent chmod(name, 0600) fixes it, but there's a TOCTOU window.

Suggested fix

Use umask(0177) before bind() so the socket is created directly with mode 0600 (no S_IXUSR). Restore umask after bind.
