bind() was changed in
NetBSD 1.4 to prevent the binding of a socket to the same port as an existing socket when all of the following is true:
•
either of the existing or new addresses is INADDR_ANY,
•
the uid of the new socket is not root, and the uids of the creators of the sockets are different,
•
the address is not a multicast address, and
•
both sockets are not bound to INADDR_ANY with SO_REUSEPORT set.
This prevents an attack where a user could bind to a port with the host's IP address (after setting
SO_REUSEADDR) and ‘steal' packets destined for a server that bound to the same port with
INADDR_ANY.
bind() was changed in
NetBSD 4.0 to honor the user's umask when binding sockets in the local domain. This was done to match the behavior of other operating systems, including
FreeBSD,
OpenBSD, and Linux, and to improve compatibility with some third-party software. Please note that this behavior
is not portable. If you must bind a local socket in a portable and secure way, you need to make a directory with tight permissions and then create the socket inside it.