source3/smbd/server.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index f8c1aa65744f4c7294439e36ef5b377a2b8cefc9..79786d68853619912b30e33523c647127dbf121b 100644 (file)
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -975,6 +975,7 @@ static void smbd_accept_connection(struct tevent_context *ev,
                         strerror(errno)));
                return;
        }
+       smb_set_close_on_exec(fd);
 
        if (s->parent->interactive) {
                reinit_after_fork(msg_ctx, ev, true, NULL);