You can clone with
HTTPS or Subversion.
This assumption is violated if the process binds the socket as root, and later drops it's effective UID for security.
We discovered this recently with stunnel, when configured to run as non-root user 'stunnel4'.
Play with enabling/disabling the setuid/setgid options in /etc/stunnel/stunnel.conf. Assume $port is a port bound by stunnel.
Using the ruby bindings & running irb as root, Sigar.new().proc_port(Sigar::NETCONN_TCP, $port) returns the stunnel PID when stunnel is also running as root. 0 is returned if stunnel drops to user 'stunnel4'