From: Gary Lockyer <gary@catalyst.net.nz>
Date: Sun, 10 Dec 2017 21:03:45 +0000 (+1300)
Subject: source4/lib/socket/socket_ip.c set socket close on exec
X-Git-Tag: talloc-2.1.11~144
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=416b7e93fc37bdf19ac52f3c9beb8b231d1cdd78;p=thirdparty%2Fsamba.git

source4/lib/socket/socket_ip.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
---

diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c
index 6ec525265a7..87b7bf4911d 100644
--- a/source4/lib/socket/socket_ip.c
+++ b/source4/lib/socket/socket_ip.c
@@ -235,6 +235,8 @@ static NTSTATUS ipv4_accept(struct socket_context *sock, struct socket_context *
 			return map_nt_error_from_unix_common(errno);
 		}
 	}
+	smb_set_close_on_exec(new_fd);
+
 
 	/* TODO: we could add a 'accept_check' hook here
 	 *	 which get the black/white lists via socket_set_accept_filter()
@@ -762,6 +764,7 @@ static NTSTATUS ipv6_tcp_accept(struct socket_context *sock, struct socket_conte
 			return map_nt_error_from_unix_common(errno);
 		}
 	}
+	smb_set_close_on_exec(new_fd);
 
 	/* TODO: we could add a 'accept_check' hook here
 	 *	 which get the black/white lists via socket_set_accept_filter()