Document that binding local sockets now honors the user's umask, why this
was done and that this behavior is not supposed to be portable. Filling under the security considerations section because code not following the guidelines given here can be "less secure".
This commit is contained in:
jmmv
parent
b077bb7f72
commit
379e595c13
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: bind.2,v 1.24 2004/05/13 10:20:57 wiz Exp $
|
||||
.\" $NetBSD: bind.2,v 1.25 2005/08/30 15:05:04 jmmv Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1983, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
.\"
|
||||
.\" @(#)bind.2 8.1 (Berkeley) 6/4/93
|
||||
.\"
|
||||
.Dd October 16, 2001
|
||||
.Dd August 30, 2005
|
||||
.Dt BIND 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -167,3 +167,17 @@ and
|
|||
packets destined for a server that bound to the
|
||||
same port with
|
||||
.Li INADDR_ANY .
|
||||
.Pp
|
||||
.Fn bind
|
||||
was changed in
|
||||
.Nx 4.0
|
||||
to honor the user's umask when binding sockets in the local domain.
|
||||
This was done to match the behavior of other operating systems, including
|
||||
.Fx ,
|
||||
.Ox and
|
||||
Linux, and to improve compatibility with some third-party software.
|
||||
Please note that this behavior
|
||||
.Em is not portable .
|
||||
If you must bind a local socket in a portable and secure way, you need
|
||||
to make a directory with tight permissions and then create the socket
|
||||
inside it.
|
||||
|
|
|
|||
Loading…
Reference in New Issue