Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
if ((num > 0) && (revents & (POLLIN|POLLHUP|POLLERR))) {
c = accept(s, (struct sockaddr *)&ss, &in_addrlen);
if (c != -1) {
+ smb_set_close_on_exec(c);
if (fork() == 0) {
close(s);
filter_child(c, &dest_ss);