source3/utils/smbfilter.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 5a00a40a516457889f126de543c04d6a17b7922e..85aca4f9334c200ddbb261ce2b2b046d6e869e64 100644 (file)
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -308,6 +308,7 @@ static void start_filter(char *desthost)
                if ((num > 0) && (revents & (POLLIN|POLLHUP|POLLERR))) {
                        c = accept(s, (struct sockaddr *)&ss, &in_addrlen);
                        if (c != -1) {
+                               smb_set_close_on_exec(c);
                                if (fork() == 0) {
                                        close(s);
                                        filter_child(c, &dest_ss);