lib/async_req/async_sock.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index db3916e07e7a2f718d8ec0d9fdfd2f50fc4e890d..0a8a333f4f34152dedb6f3d423be3f4c3135144b 100644 (file)
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -738,6 +738,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
                tevent_req_error(req, errno);
                return;
        }
+       smb_set_close_on_exec(ret);
        state->sock = ret;
        tevent_req_done(req);
 }

diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index 3b2122dac114a21eb14ae5216d587e8216be4e68..f93d8bcdee7200ca66bac11a3a2b202c55678acc 100644 (file)
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -118,7 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
                tevent_req_error(req, errno);
                return;
        }
-       smb_set_close_on_exec(state->listen_sock);
+       smb_set_close_on_exec(ret);
        state->sock = ret;
        tevent_req_done(req);
 }