From f3f769f74c13f8a8ca96a516634e4660c36d6eb8 Mon Sep 17 00:00:00 2001
From: Erik Dubbelboer <erik@dubbelboer.com>
Date: Sat, 6 Jun 2026 17:30:23 +0800
Subject: [PATCH] security: SO_REUSEADDR on Windows enables port hijacking
 (#2254) (#2284)

---
 reuseport/reuseport_windows.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/reuseport/reuseport_windows.go b/reuseport/reuseport_windows.go
index bf5c312..981c3b2 100644
--- a/reuseport/reuseport_windows.go
+++ b/reuseport/reuseport_windows.go
@@ -16,8 +16,12 @@ var listenConfig = net.ListenConfig{
 	},
 }
 
-// Listen returns TCP listener with SO_REUSEADDR option set, SO_REUSEPORT is not supported on Windows, so it uses
-// SO_REUSEADDR as an alternative to achieve the same effect.
+// Listen returns TCP listener with SO_REUSEADDR option set.
+//
+// SO_REUSEPORT is not supported on Windows, so SO_REUSEADDR is used as an
+// approximation. Unlike POSIX SO_REUSEPORT, Windows SO_REUSEADDR does not
+// provide same-user or same-group isolation between processes that bind the
+// same address.
 func Listen(network, addr string) (net.Listener, error) {
 	return listenConfig.Listen(context.Background(), network, addr)
 }