author | Gary Lockyer <gary@catalyst.net.nz> | 2017-12-11 09:31:33 +1300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-04-20 11:53:09 +0200 |
commit | 5457c2fd4b5caf370973c9f79b8f7e2056230785 (patch) | |
tree | 8a10a898e0a4d6aa0c74c80cb828d7c56e5eea54 /lib/tevent | |
parent | b3448666ccebe142d7844271d150d48f430504ed (diff) | |
lib/async_req/async_sock.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b3c58251146d2e982a6c9fdb3828ca65e307a96)

Diffstat (limited to 'lib/tevent')
-rw-r--r-- | lib/tevent/echo_server.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c index 3b2122dac11..f93d8bcdee7 100644 --- a/lib/tevent/echo_server.c +++ b/lib/tevent/echo_server.c @@ -118,7 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde, tevent_req_error(req, errno); return; } - smb_set_close_on_exec(state->listen_sock); + smb_set_close_on_exec(ret); state->sock = ret; tevent_req_done(req); } |
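
Review bot: state->listen_sock loses its close-on-exec call in accept_handler() once the `-` line is replaced, and nothing in the visible lines shows the listening socket being flagged elsewhere. A child created by system() that inherits the listener could accept connections itself, which is the same kind of exposure the commit message is trying to close for the accepted socket. Please confirm the listener is marked close-on-exec where it is created, or keep both calls here (`smb_set_close_on_exec(state->listen_sock);` next to `smb_set_close_on_exec(ret);`). A second, smaller point on the `+` line: the flag is set on ret after accept has already returned, so there is a short window in which the descriptor exists without it; where the platform offers accept4() with SOCK_CLOEXEC, setting the flag atomically at accept time avoids that. A one-line comment above the call saying why the accepted socket must not leak to children would also help future readers.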