[PATCH] Set SOCKET_CLOEXEC on sockets returned by accept

Stefan Metzmacher metze at samba.org
Tue Dec 19 05:42:16 UTC 2017


Hi Gary,

can you please squash the 2nd hunk of the 2nd commit to the first commit?

Thanks!
metze

Am 17.12.2017 um 22:06 schrieb Gary Lockyer via samba-technical:
> Have updated the commit message.
> 
> Gary
> 
> On 15/12/17 20:43, Andrew Bartlett via samba-technical wrote:
>> On Fri, 2017-12-15 at 08:16 +0100, Volker Lendecke via samba-technical
>> wrote:
>>> On Fri, Dec 15, 2017 at 02:32:03PM +1300, Gary Lockyer via samba-technical wrote:
>>>> Patches to Set SOCKET_CLOEXEC on the sockets returned by accept.
>>>> This means that the socket is not available to any child processes.
>>>> Making it harder for exploit code to set up a command channel.
>>>
>>> Is the commit message really correct? I thought CLOEXEC only closes on
>>> exec, not on fork. Where did you find that such sockets don't extend
>>> to child processes, i.e. are closed on fork(2)?
>>
>> G'Day Volker,
>>
>> Yeah, that's a good point. A child process created by system() would be
>> a better description. 
>>
>> I asked Gary to do this one, the aim was to make simple attacks that
>> call system() like this one a little more miserable:
>>
>> https://gist.github.com/worawit/051e881fc94fe4a49295
>>
>> Not much, and not enough but perhaps it helps mitigate things some day.
>>
>> Better practical steps or ideas on what might make Samba less
>> exploitable are most welcome! 
>>
>> Thanks,
>>
>> Andrew Bartlett
>>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171219/5f21c922/signature.sig>


More information about the samba-technical mailing list