ctdb/server/ctdb_daemon.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 459dd2932ee27bcc628c57ea91aa37a1f6319c8c..35c1ab639b5f56ccf1160ff1bb086373b035d2f6 100644 (file)
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -949,6 +949,7 @@ static void ctdb_accept_client(struct tevent_context *ev,
        if (fd == -1) {
                return;
        }
+       smb_set_close_on_exec(fd);
 
        ret = set_blocking(fd, false);
        if (ret != 0) {