[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Dec 18 07:50:03 UTC 2017
The branch, master has been updated
via 416b7e9 source4/lib/socket/socket_ip.c set socket close on exec
via 242aacb source3/winbindd/winbindd.c set socket close on exec
via 562ac9a source3/utils/smbfilter.c set socket close on exec
via 40877f3 source3/libsmb/unexpected.c set socket close on exec
via 92e801a source3/smbd/server.c set socket close on exec
via 215d608 source3/lib/server_prefork.c set socket close on exec
via 3a504d4 source3/rpc_server/rpc_server.c set socket close on exec
via 34f7894 ctdb/tcp/tcp_connect.c set socket close on exec
via 9ccf164 ctdb/server/ctdb_daemon.c set socket close on exec
via 8b3c582 lib/async_req/async_sock.c set socket close on exec
via 954eddd lib/tevent/echo_server.c set socket close on exec
from 142060d WHATSNEW: Encrypted secrets
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 416b7e93fc37bdf19ac52f3c9beb8b231d1cdd78
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 10:03:45 2017 +1300
source4/lib/socket/socket_ip.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
commit 242aacb0e25c606ba1d003fb37e41d0b1b8c8e96
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:58:59 2017 +1300
source3/winbindd/winbindd.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 562ac9a9559802b64cb8b2990a8172444040a1c8
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:57:04 2017 +1300
source3/utils/smbfilter.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40877f3e8af9756db29ee7bf3ab555aa2953243c
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:54:34 2017 +1300
source3/libsmb/unexpected.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 92e801aad5aec25d0aeb3b016b02d85642ed3269
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:51:35 2017 +1300
source3/smbd/server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 215d6089c3b8cef53276bf808f82dd814711b2af
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:46:07 2017 +1300
source3/lib/server_prefork.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3a504d48c39a9dda97b3d02d63c247329631d168
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:39:43 2017 +1300
source3/rpc_server/rpc_server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 34f7894719dccd701f2bd9eee5669ea8b1ab7473
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:37:28 2017 +1300
ctdb/tcp/tcp_connect.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9ccf164550ab139edf123d00f68fd43d500d734c
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:36:08 2017 +1300
ctdb/server/ctdb_daemon.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b3c58251146d2e982a6c9fdb3828ca65e307a96
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:31:33 2017 +1300
lib/async_req/async_sock.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 954eddd0b8c25424fd44bbd002ba36873fe2c8d4
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Dec 11 09:17:49 2017 +1300
lib/tevent/echo_server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system(),
making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
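The eleven commit messages above all make the same claim: once the accepted socket carries the close-on-exec flag, a child that the process spawns through system() no longer holds it. The following program is an added example written for this page, not Samba code and not part of the patch. It does a real listen()/connect()/accept() over loopback, then asks a system() child (fork plus exec of /bin/sh) whether it can still see the accepted descriptor, first as accept() returns it and then after the flag is set. Assumptions not taken from the patch: set_close_on_exec() is a plain fcntl() stand-in for Samba's smb_set_close_on_exec(), /bin/sh exists (system() needs it), and the loopback interface is usable.

```c
/* Added example, not Samba code: what FD_CLOEXEC on an accept()ed socket
 * changes for a child spawned with system(). */
#include <fcntl.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed stand-in for smb_set_close_on_exec(): set FD_CLOEXEC via fcntl(). */
static bool set_close_on_exec(int fd)
{
	int flags = fcntl(fd, F_GETFD, 0);
	if (flags == -1) {
		return false;
	}
	return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) != -1;
}

/* Listen on 127.0.0.1 (ephemeral port), connect to ourselves and return the
 * accept()ed descriptor exactly as accept() hands it out, i.e. inheritable.
 * *client_out receives the connecting side so the caller can close it.
 * The listener is closed before returning. Returns -1 on failure. */
static int accept_loopback(int *client_out)
{
	struct sockaddr_in sa;
	socklen_t len = sizeof(sa);
	int lfd, cfd = -1, afd = -1;

	lfd = socket(AF_INET, SOCK_STREAM, 0);
	if (lfd == -1) {
		return -1;
	}
	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	sa.sin_port = 0;
	if (bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ||
	    listen(lfd, 1) == -1 ||
	    getsockname(lfd, (struct sockaddr *)&sa, &len) == -1) {
		goto fail;
	}
	cfd = socket(AF_INET, SOCK_STREAM, 0);
	if (cfd == -1 || connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
		goto fail;
	}
	afd = accept(lfd, NULL, NULL);
	if (afd == -1) {
		goto fail;
	}
	close(lfd);
	*client_out = cfd;
	return afd;
fail:
	close(lfd);
	if (cfd != -1) {
		close(cfd);
	}
	return -1;
}

/* Ask a system() child (fork + exec of /bin/sh) whether descriptor fd is still
 * open on its side: ": >&N" succeeds only if N is open in the exec'd shell.
 * The subshell's stderr is discarded so a closed fd prints no noise.
 * Returns 1 if the child inherited fd, 0 if not, -1 if the check failed. */
static int fd_visible_after_system(int fd)
{
	char cmd[64];
	int status;

	snprintf(cmd, sizeof(cmd), "( : >&%d ) 2>/dev/null", fd);
	status = system(cmd);
	if (status == -1 || !WIFEXITED(status)) {
		return -1;
	}
	return WEXITSTATUS(status) == 0 ? 1 : 0;
}

/* Accept a loopback connection, optionally mark it close-on-exec right after
 * accept() as the patch does, and report what a system() child sees. */
static int accepted_fd_seen_by_system(bool cloexec)
{
	int cfd, afd, seen;

	afd = accept_loopback(&cfd);
	if (afd == -1) {
		return -1;
	}
	if (cloexec && !set_close_on_exec(afd)) {
		close(afd);
		close(cfd);
		return -1;
	}
	seen = fd_visible_after_system(afd);
	close(afd);
	close(cfd);
	return seen;
}

int main(void)
{
	/* Pre-patch state first (expect 1), then with the flag (expect 0). */
	printf("inheritable accept() fd seen by system() child: %d\n",
	       accepted_fd_seen_by_system(false));
	printf("FD_CLOEXEC accept() fd seen by system() child:  %d\n",
	       accepted_fd_seen_by_system(true));
	return 0;
}
```

Two things the example makes visible that the commit text does not: the flag is applied in a second step after accept() has already returned an inheritable descriptor, so on platforms with accept4() the atomic accept4(fd, addr, len, SOCK_CLOEXEC) form removes that window; and FD_CLOEXEC is about exec(), not fork(), so a plain forked child (the model smbd and smbfilter use) keeps the socket and only loses it if it goes on to exec a program, which is exactly the system() case.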
-----------------------------------------------------------------------
Summary of changes:
ctdb/server/ctdb_daemon.c | 1 +
ctdb/tcp/tcp_connect.c | 1 +
lib/async_req/async_sock.c | 1 +
lib/tevent/echo_server.c | 1 +
source3/lib/server_prefork.c | 1 +
source3/libsmb/unexpected.c | 1 +
source3/rpc_server/rpc_server.c | 3 +++
source3/smbd/server.c | 1 +
source3/utils/smbfilter.c | 1 +
source3/winbindd/winbindd.c | 1 +
source4/lib/socket/socket_ip.c | 3 +++
11 files changed, 15 insertions(+)
Changeset truncated at 500 lines:
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 459dd29..35c1ab6 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -949,6 +949,7 @@ static void ctdb_accept_client(struct tevent_context *ev,
if (fd == -1) {
return;
}
+ smb_set_close_on_exec(fd);
ret = set_blocking(fd, false);
if (ret != 0) {
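Review bot: the commit message says SOCKET_CLOEXEC is set, but what this hunk adds is a separate smb_set_close_on_exec(fd) call after accept() has already returned an inheritable descriptor, so the message and the code do not describe the same thing. Setting the flag in a second step also leaves a window between accept() and the fcntl in which a concurrently forked-and-exec'd child would still inherit the socket; where accept4(..., SOCK_CLOEXEC) is available the descriptor can be created with the flag already set, keeping the present call as the fallback. The message should name the helper actually used.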
diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c
index 82f2e74..17aafc4 100644
--- a/ctdb/tcp/tcp_connect.c
+++ b/ctdb/tcp/tcp_connect.c
@@ -249,6 +249,7 @@ static void ctdb_listen_event(struct tevent_context *ev, struct tevent_fd *fde,
len = sizeof(addr);
fd = accept(ctcp->listen_fd, (struct sockaddr *)&addr, &len);
if (fd == -1) return;
+ smb_set_close_on_exec(fd);
nodeid = ctdb_ip_to_nodeid(ctdb, &addr);
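Review bot: the result of smb_set_close_on_exec(fd) is dropped, so a failing fcntl() leaves this node-to-node transport socket silently inheritable while the code continues as if the flag were set. The line above already returns early when accept() fails; a DEBUG message on failure here would at least make the condition visible in the logs at no cost on the success path.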
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index db3916e..0a8a333 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -738,6 +738,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
tevent_req_error(req, errno);
return;
}
+ smb_set_close_on_exec(ret);
state->sock = ret;
tevent_req_done(req);
}
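Review bot: this is shared library code behind accept_send()/accept_recv(), so every caller in the tree now receives a close-on-exec descriptor from it without any change on their side. That is the right default, but it is an invisible behaviour change for library consumers; a one-line comment above `smb_set_close_on_exec(ret);` and a sentence in the accept_send() documentation stating that the returned socket is FD_CLOEXEC would stop a future caller from clearing or re-adding the flag out of uncertainty.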
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index 6e7f181..f93d8bc 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -118,6 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
tevent_req_error(req, errno);
return;
}
+ smb_set_close_on_exec(ret);
state->sock = ret;
tevent_req_done(req);
}
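Review bot: lib/tevent is built and shipped as a standalone library, and the summary shows exactly one inserted line for this file, so no #include was added for smb_set_close_on_exec(); confirm that echo_server.c picks up the declaration and links against the helper in the standalone tevent build and not only inside the Samba tree. If it does not, this example server should set the flag itself with fcntl(F_GETFD/F_SETFD, FD_CLOEXEC) rather than depend on a Samba utility function.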
diff --git a/source3/lib/server_prefork.c b/source3/lib/server_prefork.c
index 1d64db2..52c11ad 100644
--- a/source3/lib/server_prefork.c
+++ b/source3/lib/server_prefork.c
@@ -620,6 +620,7 @@ static void prefork_listen_accept_handler(struct tevent_context *ev,
state->error, strerror(state->error)));
goto done;
}
+ smb_set_close_on_exec(sd);
state->accept_fd = sd;
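Review bot: this handler already has a uniform failure path (`state->error`, `strerror(state->error)`, `goto done`) for a failed accept, but the new smb_set_close_on_exec(sd) call bypasses it: if the fcntl fails the listener still stores sd in state->accept_fd as though everything succeeded. Routing a failure through the same state->error / goto done path would keep the handler's error handling consistent and leave a log trace when the flag could not be set.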
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index c645fbc..dd9ff7a 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -157,6 +157,7 @@ static void nb_packet_server_listener(struct tevent_context *ev,
if (sock == -1) {
return;
}
+ smb_set_close_on_exec(sock);
DEBUG(6,("accepted socket %d\n", sock));
client = talloc_zero(server, struct nb_packet_client);
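Review bot: every insertion in this patch, this one included, sits directly after an accept(); descriptors obtained through socket()/connect() (client-side connections, for instance whatever connects to the socket this listener serves) are not touched. The commit message's "the socket is unavailable to any child process" therefore holds for accepted connections only; either the message should say so or a follow-up should cover the connect() paths as well.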
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index e15cd20..94335b3 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -216,6 +216,7 @@ static void named_pipe_listener(struct tevent_context *ev,
}
return;
}
+ smb_set_close_on_exec(sd);
DEBUG(6, ("Accepted socket %d\n", sd));
@@ -722,6 +723,7 @@ static void dcerpc_ncacn_tcpip_listener(struct tevent_context *ev,
}
return;
}
+ smb_set_close_on_exec(s);
rc = tsocket_address_bsd_from_sockaddr(state,
(struct sockaddr *)(void *) &addr,
@@ -892,6 +894,7 @@ static void dcerpc_ncalrpc_listener(struct tevent_context *ev,
}
return;
}
+ smb_set_close_on_exec(sd);
rc = tsocket_address_bsd_from_sockaddr(state,
addr, len,
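Review bot: this is the third identical insertion in rpc_server.c (named_pipe_listener, dcerpc_ncacn_tcpip_listener, dcerpc_ncalrpc_listener), and the same bare call right after the accept() error check recurs in nine other files. A small helper, say an accept_cloexec() that wraps accept() plus the flag, or accept4(SOCK_CLOEXEC) where available, would make the property hold by construction and prevent the next accept() site added to the tree from being missed.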
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index f8c1aa6..79786d6 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -975,6 +975,7 @@ static void smbd_accept_connection(struct tevent_context *ev,
strerror(errno)));
return;
}
+ smb_set_close_on_exec(fd);
if (s->parent->interactive) {
reinit_after_fork(msg_ctx, ev, true, NULL);
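Review bot: only the accepted connection is marked close-on-exec here; the listening socket(s) smbd accepted from are left untouched by the patch, so a child spawned through system() still inherits them and could accept() new client connections itself. The commit's goal of denying such a child a command channel is therefore only partly met by this change; the listeners deserve the same flag.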
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 5a00a40..85aca4f 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -308,6 +308,7 @@ static void start_filter(char *desthost)
if ((num > 0) && (revents & (POLLIN|POLLHUP|POLLERR))) {
c = accept(s, (struct sockaddr *)&ss, &in_addrlen);
if (c != -1) {
+ smb_set_close_on_exec(c);
if (fork() == 0) {
close(s);
filter_child(c, &dest_ss);
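Review bot: FD_CLOEXEC takes effect on exec(), not on fork(), so the `if (fork() == 0)` child below still holds `c` and filter_child(c, &dest_ss) keeps working unchanged; a short comment to that effect would help, since a reader may otherwise expect the new flag to cut the forked child off too. The child's manual close(s) of the listener is consistent with the listener itself not being covered by the new flag.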
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 23e8a5e..fc7c169 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -874,6 +874,7 @@ static void new_connection(int listen_sock, bool privileged)
}
return;
}
+ smb_set_close_on_exec(sock);
DEBUG(6,("accepted socket %d\n", sock));
diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c
index 6ec5252..87b7bf4 100644
--- a/source4/lib/socket/socket_ip.c
+++ b/source4/lib/socket/socket_ip.c
@@ -235,6 +235,8 @@ static NTSTATUS ipv4_accept(struct socket_context *sock, struct socket_context *
return map_nt_error_from_unix_common(errno);
}
}
+ smb_set_close_on_exec(new_fd);
+
/* TODO: we could add a 'accept_check' hook here
* which get the black/white lists via socket_set_accept_filter()
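Review bot: the call is correctly placed after the closing brace of the accept error block and before the accept_check TODO, so the new socket is never handed out without the flag. Both IP backends in this file are covered; it is worth checking whether any other backend under source4/lib/socket with its own accept callback (a unix-domain one, if present) needs the same line, since the socket_context abstraction hides which backend a caller ends up on.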
@@ -762,6 +764,7 @@ static NTSTATUS ipv6_tcp_accept(struct socket_context *sock, struct socket_conte
return map_nt_error_from_unix_common(errno);
}
}
+ smb_set_close_on_exec(new_fd);
/* TODO: we could add a 'accept_check' hook here
* which get the black/white lists via socket_set_accept_filter()
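Review bot: this hunk adds the call with no blank line before the TODO comment, while the ipv4_accept hunk above adds the same call followed by a blank line (two `+` lines, which is why the summary counts 3 insertions for this file). Pick one layout for both accept paths so the two backends stay diff-identical and a later reader does not wonder whether the difference is intentional.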
--
Samba Shared Repository