From 34f7894719dccd701f2bd9eee5669ea8b1ab7473 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Mon, 11 Dec 2017 09:37:28 +1300
Subject: ctdb/tcp/tcp_connect.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 ctdb/tcp/tcp_connect.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ctdb/tcp')

diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c
index 82f2e746192..17aafc415f7 100644
--- a/ctdb/tcp/tcp_connect.c
+++ b/ctdb/tcp/tcp_connect.c
@@ -249,6 +249,7 @@ static void ctdb_listen_event(struct tevent_context *ev, struct tevent_fd *fde,
 	len = sizeof(addr);
 	fd = accept(ctcp->listen_fd, (struct sockaddr *)&addr, &len);
 	if (fd == -1) return;
+	smb_set_close_on_exec(fd);
 
 	nodeid = ctdb_ip_to_nodeid(ctdb, &addr);
 
-- 
cgit v1.2.1