[PATCH] Set SOCKET_CLOEXEC on sockets returned by accept

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Dec 15 07:16:17 UTC 2017


On Fri, Dec 15, 2017 at 02:32:03PM +1300, Gary Lockyer via samba-technical wrote:
> Patches to set SOCKET_CLOEXEC on the sockets returned by accept.
> This means that the socket is not available to any child processes,
> making it harder for exploit code to set up a command channel.

Is the commit message really correct? I thought CLOEXEC only closes on
exec, not on fork. Where did you find that such sockets don't extend
to child processes, i.e. are closed on fork(2)?

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
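
The fork-versus-exec distinction raised in this message can be checked directly. The following is an added example, not code from the Samba patch or from either poster: a socketpair end stands in for an accepted connection, and `make_socket` and `fd_open_in_child` are hypothetical helper names. It assumes a system that supports the `SOCK_CLOEXEC` socket type flag and has `/bin/sh`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for an accepted connection: one end of a socketpair,
 * optionally created with the close-on-exec flag set. */
int make_socket(int cloexec)
{
    int sv[2];
    int type = SOCK_STREAM | (cloexec ? SOCK_CLOEXEC : 0);
    if (socketpair(AF_UNIX, type, 0, sv) != 0)
        return -1;
    close(sv[1]);
    return sv[0];
}

/* Fork a child, optionally exec /bin/sh in it, and report whether fd is
 * still open there: 1 = open, 0 = closed, -1 = error. */
int fd_open_in_child(int fd, int do_exec)
{
    char cmd[64];
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (!do_exec)
            _exit(fcntl(fd, F_GETFD) == -1);  /* exit 0 when fd is valid */
        /* After exec, sh can only duplicate fd if it survived the exec. */
        snprintf(cmd, sizeof cmd, "exec 2>/dev/null; true <&%d", fd);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                           /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int fd = make_socket(1);
    printf("CLOEXEC socket open after fork only: %d\n", fd_open_in_child(fd, 0));
    printf("CLOEXEC socket open after fork+exec: %d\n", fd_open_in_child(fd, 1));
    close(fd);
    return 0;
}
```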


