From 5457c2fd4b5caf370973c9f79b8f7e2056230785 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Mon, 11 Dec 2017 09:31:33 +1300
Subject: lib/async_req/async_sock.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b3c58251146d2e982a6c9fdb3828ca65e307a96)
---
 lib/tevent/echo_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/tevent')

diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index 3b2122dac11..f93d8bcdee7 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -118,7 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
 		tevent_req_error(req, errno);
 		return;
 	}
-	smb_set_close_on_exec(state->listen_sock);
+	smb_set_close_on_exec(ret);
 	state->sock = ret;
 	tevent_req_done(req);
 }
-- 
cgit v1.2.1