authorGary Lockyer <gary@catalyst.net.nz>2017-12-11 09:31:33 +1300
committerKarolin Seeger <kseeger@samba.org>2018-04-20 11:53:09 +0200
commit5457c2fd4b5caf370973c9f79b8f7e2056230785 (patch)
tree8a10a898e0a4d6aa0c74c80cb828d7c56e5eea54 /lib/tevent
parentb3448666ccebe142d7844271d150d48f430504ed (diff)
downloadsamba-5457c2fd4b5caf370973c9f79b8f7e2056230785.tar.gz
lib/async_req/async_sock.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that the socket is unavailable to any child process created by system(), making it harder for malicious code to set up a command channel, as seen in the exploit for CVE-2015-0240. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8b3c58251146d2e982a6c9fdb3828ca65e307a96)
Diffstat (limited to 'lib/tevent')
-rw-r--r--lib/tevent/echo_server.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index 3b2122dac11..f93d8bcdee7 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -118,7 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
tevent_req_error(req, errno);
return;
}
- smb_set_close_on_exec(state->listen_sock);
+ smb_set_close_on_exec(ret);
state->sock = ret;
tevent_req_done(req);
}
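Review bot: The close-on-exec flag is applied to `ret` only after accept() has returned, so a fork/exec from another thread in that window (if the process has one) would still inherit the new socket; where the platform provides it, `accept4(..., SOCK_CLOEXEC)` sets the flag atomically. Replacing the old line also means this handler no longer marks `state->listen_sock` close-on-exec, so unless that happens where the listener is created (not visible in this hunk), a child started by system() would still inherit the listening socket. The result of `smb_set_close_on_exec(ret)` is ignored; if the helper reports failure, closing `ret` and finishing with `tevent_req_error(req, errno);` would avoid handing out a socket that can leak into children. accept_handler starts outside the hunk, so the accept() call itself is not shown.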