| commit | 9ccf164550ab139edf123d00f68fd43d500d734c | |
| author | Gary Lockyer <gary@catalyst.net.nz> | |
| Sun, 10 Dec 2017 20:36:08 +0000 (11 09:36 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Mon, 18 Dec 2017 03:38:20 +0000 (18 04:38 +0100) | ||
| tree | 13eb754352225d2e368b0f151dcbf38bd496475f | treesnapshot (tar.gz zip) |
| parent | 8b3c58251146d2e982a6c9fdb3828ca65e307a96 | commitdiff |
ctdb/server/ctdb_daemon.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| ctdb/server/ctdb_daemon.c | diffblobblamehistory |