[PATCH] Set SOCKET_CLOEXEC on sockets returned by accept
Andrew Bartlett
abartlet at samba.org
Fri Dec 15 07:43:15 UTC 2017
On Fri, 2017-12-15 at 08:16 +0100, Volker Lendecke via samba-technical
wrote:
> On Fri, Dec 15, 2017 at 02:32:03PM +1300, Gary Lockyer via samba-technical wrote:
> > Patches to Set SOCKET_CLOEXEC on the sockets returned by accept.
> > This means that the socket is not available to any child processes.
> > Making it harder for exploit code to set up a command channel.
>
> Is the commit message really correct? I thought CLOEXEC only closes on
> exec, not on fork. Where did you find that such sockets don't extend
> to child processes, i.e. are closed on fork(2)?
G'Day Volker,
Yeah, that's a good point. A child process created by system() would be
a better description.
I asked Gary to do this one, the aim was to make simple attacks that
call system() like this one a little more miserable:
https://gist.github.com/worawit/051e881fc94fe4a49295
Not much, and not enough but perhaps it helps mitigate things some day.
Better practical steps or ideas on what might make Samba less
exploitable are most welcome!
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list