diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2017-12-11 10:03:45 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-12-18 08:49:57 +0100 |
commit | 416b7e93fc37bdf19ac52f3c9beb8b231d1cdd78 (patch) | |
tree | 2313808fc50d2d2a82588e61d52de9b1f9f0d1f3 /source4/lib | |
parent | 242aacb0e25c606ba1d003fb37e41d0b1b8c8e96 (diff) | |
download | samba-416b7e93fc37bdf19ac52f3c9beb8b231d1cdd78.tar.gz |
source4/lib/socket/socket_ip.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/socket/socket_ip.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c index 6ec525265a7..87b7bf4911d 100644 --- a/source4/lib/socket/socket_ip.c +++ b/source4/lib/socket/socket_ip.c @@ -235,6 +235,8 @@ static NTSTATUS ipv4_accept(struct socket_context *sock, struct socket_context * return map_nt_error_from_unix_common(errno); } } + smb_set_close_on_exec(new_fd); + /* TODO: we could add a 'accept_check' hook here * which get the black/white lists via socket_set_accept_filter() @@ -762,6 +764,7 @@ static NTSTATUS ipv6_tcp_accept(struct socket_context *sock, struct socket_conte return map_nt_error_from_unix_common(errno); } } + smb_set_close_on_exec(new_fd); /* TODO: we could add a 'accept_check' hook here * which get the black/white lists via socket_set_accept_filter() |