source3: remove sock_exec

Enterprise / Samba - Gary Lockyer [catalyst.net.nz] - 20 November 2017 06:20 EST

Remove the sock_exec code which is no longer needed and additionally has been used by exploit code.

This was originally test support code; the tests relying on the sock_exec code have been removed.

Past exploits have used sock_exec as a proxy for system() matching a talloc destructor prototype.

See for example: Exploit for Samba vulnerability (CVE-2015-0240) at https://gist.github.com/worawit/051e881fc94fe4a49295 and the Red Hat post at https://access.redhat.com/blogs/766093/posts/1976553

d11473b15df source3: remove sock_exec
docs-xml/manpages/smbclient.1.xml | 6 --
source3/include/proto.h | 4 --
source3/lib/sock_exec.c | 118 --------------------------------------
source3/libsmb/cliconnect.c | 14 -----
source3/wscript_build | 1 -
testsuite/build_farm/basicsmb.fns | 2 -
6 files changed, 145 deletions(-)

Upstream: gitweb.samba.org

