[PATCH] Remove sock_exec code
Andrew Bartlett
abartlet at samba.org
Tue Nov 14 11:10:33 UTC 2017
I think you should mention that you are motivated by past exploits of
Samba that used sock_exec as a proxy for system() matching a talloc
destructor prototype.
See for example
https://gist.github.com/worawit/051e881fc94fe4a49295
and referencing the Red Hat post at:
https://access.redhat.com/blogs/766093/posts/1976553
The same motivation is for the close-on-exec change, making a repeat of
this exploit just a little more miserable by not allowing something
called via system() access to the FD back to the client.
Thanks,
Andrew Bartlett
On Thu, 2017-11-09 at 15:09 +1300, Gary Lockyer via samba-technical
wrote:
> Updated patch attached, removes the man page entry.
>
> On 09/11/17 05:11, Andreas Schneider via samba-technical wrote:
> > On Sunday, 5 November 2017 18:54:32 CET Gary Lockyer via samba-technical
> > wrote:
> > > Patch to remove the sock_exec code, my understanding is that this was
> > > originally test support code and is no longer used.
> > >
> > > Comments and reviews appreciated
> >
> > man smbclient -> LIBSMB_PROG
> >
> > I think you should remove that too if you want to get rid of it :-)
> >
> >
> > andreas
> >
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
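
The close-on-exec hardening described in the message above, as an added example that is not part of the thread or of the Samba patch: a descriptor marked FD_CLOEXEC is closed when system() executes the shell, so the command never sees it. The socketpair is a constructed stand-in for the client connection, and all function names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec, keeping any other descriptor flags. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 if a command run through system() can still use fd, 0 if the
 * descriptor was closed at exec time, -1 on error. */
static int fd_reaches_system(int fd)
{
    char cmd[64];
    int status;
    if (fd < 0 || fd > 9)   /* POSIX sh only guarantees single-digit fds */
        return -1;
    /* ":" does nothing; the redirection fails if fd is not open in sh. */
    snprintf(cmd, sizeof(cmd), "exec 2>/dev/null; : >&%d", fd);
    status = system(cmd);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Constructed stand-in for a server process holding a client socket. */
static int client_fd_reaches_child(int use_cloexec)
{
    int sv[2], reached;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    if (use_cloexec && set_cloexec(sv[0]) == -1)
        reached = -1;
    else
        reached = fd_reaches_system(sv[0]);
    close(sv[0]);
    close(sv[1]);
    return reached;
}

int main(void)
{
    printf("without FD_CLOEXEC: %d\n", client_fd_reaches_child(0));
    printf("with FD_CLOEXEC:    %d\n", client_fd_reaches_child(1));
    return 0;
}
```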