diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2017-12-11 09:37:28 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-12-18 04:38:20 +0100 |
commit | 34f7894719dccd701f2bd9eee5669ea8b1ab7473 (patch) | |
tree | b039d385688ed8e961b34d5bf15030dc7dffe9bc | |
parent | 9ccf164550ab139edf123d00f68fd43d500d734c (diff) | |
download | samba-34f7894719dccd701f2bd9eee5669ea8b1ab7473.tar.gz |
ctdb/tcp/tcp_connect.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | ctdb/tcp/tcp_connect.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index 82f2e746192..17aafc415f7 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -249,6 +249,7 @@ static void ctdb_listen_event(struct tevent_context *ev, struct tevent_fd *fde, len = sizeof(addr); fd = accept(ctcp->listen_fd, (struct sockaddr *)&addr, &len); if (fd == -1) return; + smb_set_close_on_exec(fd); nodeid = ctdb_ip_to_nodeid(ctdb, &addr); |