From: Gary Lockyer Date: Sun, 10 Dec 2017 20:58:59 +0000 (+1300) Subject: source3/winbindd/winbindd.c set socket close on exec X-Git-Tag: talloc-2.1.11~145 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=242aacb0e25c606ba1d003fb37e41d0b1b8c8e96;p=thirdparty%2Fsamba.git source3/winbindd/winbindd.c set socket close on exec Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that the socket is unavailable to any child process created by system(). Making it harder for malicious code to set up a command channel, as seen in the exploit for CVE-2015-0240 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett --- diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 23e8a5ede5e..fc7c1691873 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -874,6 +874,7 @@ static void new_connection(int listen_sock, bool privileged) } return; } + smb_set_close_on_exec(sock); DEBUG(6,("accepted socket %d\n", sock));
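Review bot: In new_connection(), the added `smb_set_close_on_exec(sock);` sets the flag in a separate step after accept() has already returned, so there is a short window in which the descriptor exists without close-on-exec. A child created by another code path in that window would still inherit it. Where the platform offers it, accepting with accept4() and SOCK_CLOEXEC closes that gap atomically, with this call kept as the fallback. The result of the call is also not checked in the visible line. If the helper can fail, a debug message on failure would make a silently inheritable socket visible in the logs. Finally, the commit message refers to "SOCKET_CLOEXEC", while the hunk calls smb_set_close_on_exec(); the message should name the helper or the actual flag (FD_CLOEXEC / SOCK_CLOEXEC) so the change is searchable.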