git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 34f7894)
source3/rpc_server/rpc_server.c set socket close on exec
authorGary Lockyer <gary@catalyst.net.nz>
Sun, 10 Dec 2017 20:39:43 +0000 (09:39 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 18 Dec 2017 03:38:20 +0000 (04:38 +0100)
Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/rpc_server/rpc_server.c patch | blob | history

diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index e15cd205cdc8b659e628aa27ca963aa776d51a47..94335b3ea53a3fcc1c13790b2f0be6fb80a69e96 100644 (file)
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -216,6 +216,7 @@ static void named_pipe_listener(struct tevent_context *ev,
                }
                return;
        }
+       smb_set_close_on_exec(sd);
 
        DEBUG(6, ("Accepted socket %d\n", sd));
 
@@ -722,6 +723,7 @@ static void dcerpc_ncacn_tcpip_listener(struct tevent_context *ev,
                }
                return;
        }
+       smb_set_close_on_exec(s);
 
        rc = tsocket_address_bsd_from_sockaddr(state,
                                               (struct sockaddr *)(void *) &addr,
@@ -892,6 +894,7 @@ static void dcerpc_ncalrpc_listener(struct tevent_context *ev,
                }
                return;
        }
+       smb_set_close_on_exec(sd);
 
        rc = tsocket_address_bsd_from_sockaddr(state,
                                               addr, len,
Unnamed repository; edit this file 'description' to name the repository.