Generated debug launch config sets listening port to 2345 #1906
Description
opened on Sep 2, 2018
The debugging feature uses a `launch.json` file which sets parameters to use when running delve. The generated default includes `"port": 2345`, which instructs delve to expose the API TCP server on port 2345. The delve default is to use port 0, which will cause the OS to select a free ephemeral port. One implication of using a static port 2345 is that it will not work if another service is listening on port 2345. It also makes derekparker/delve#1332 trivial to exploit, i.e., a malicious user or program on the same host can hijack the debugger.
Recommendation: set `"port": 0` in the generated `launch.json` or leave the setting out altogether. For the use of VS Code I don't see why the user would want to set a fixed port when debugging locally.
Steps to Reproduce:
- Start debugging (F5). This will have the delve listen port unset, so a free ephemeral port will be used. `API server listening at: 127.0.0.1:16234`. (16234 is picked by the OS).
- In the Delve view click the settings cogwheel. This generates and writes `.vscode/launch.json` which has `"port": 2345`.
- Stop and start debugging again. Now the launch config will be used and delve will listen on port 2345. `API server listening at: 127.0.0.1:2345`.
`.vscode/launch.json` with port set to 2345 will also be generated through many other paths, e.g., if there is an error running or attaching to delve, then the user will be prompted to open `launch.json`.
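A way to find existing `launch.json` files that carry the fixed port described in this issue, as an added example that is not part of the original post or of the extension's code. The function names and the sample file are constructed for illustration; the check assumes `"type": "go"` with `"request": "launch"` marks a local Go debug configuration, and it handles comments but not trailing commas.

```javascript
// Added example, not vscode-go code. launch.json may contain comments, so they
// are stripped (outside of string literals) before JSON.parse is called.
function stripJsonComments(text) {
  let out = "", inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], next = text[i + 1];
    if (inString) {
      out += c;
      if (c === "\\" && i + 1 < text.length) out += text[++i]; // keep escaped char
      else if (c === '"') inString = false;
    } else if (c === '"') {
      inString = true;
      out += c;
    } else if (c === "/" && next === "/") {
      while (i < text.length && text[i] !== "\n") i++; // skip to end of line
      out += "\n";
    } else if (c === "/" && next === "*") {
      const end = text.indexOf("*/", i + 2);
      if (end === -1) break; // unterminated comment: drop the rest
      i = end + 1;
    } else {
      out += c;
    }
  }
  return out;
}

// Return every local Go launch configuration that pins delve to a non-zero port.
function findFixedDelvePorts(launchJsonText) {
  const parsed = JSON.parse(stripJsonComments(launchJsonText));
  return (parsed.configurations || [])
    .filter((c) => c.type === "go" && c.request === "launch")
    .filter((c) => Number.isInteger(c.port) && c.port !== 0)
    .map((c) => ({ name: c.name, port: c.port }));
}

// Constructed sample input modelled on the generated file the issue describes.
const SAMPLE_LAUNCH_JSON = [
  "{ // constructed sample, not a real project file",
  '  "configurations": [',
  '    { "name": "Launch", "type": "go", "request": "launch", "port": 2345 },',
  '    { "name": "OS-chosen port", "type": "go", "request": "launch", "port": 0 }, /* ok */',
  '    { "name": "No port", "type": "go", "request": "launch", "program": "${workspaceFolder}//cmd" }',
  "  ]",
  "}",
].join("\n");

console.log(findFixedDelvePorts(SAMPLE_LAUNCH_JSON));
```

Configurations it reports can be changed to `"port": 0` or have the `port` key removed, as the issue recommends.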