rpc_server: Add CLOEXEC to the listening sockets

We don't want to leak them into exec'ed processes.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 01:13:53 UTC 2021 on sn-devel-184

source3/rpc_server/rpc_sock_helper.c

@@ -347,7 +347,7 @@ NTSTATUS dcesrv_create_binding_sockets(
 	int **pfds)
 {
 	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(b);
-	size_t num_fds = 1;
+	size_t i, num_fds = 1;
 	int *fds = NULL;
 	NTSTATUS status;
 
@@ -379,6 +379,21 @@ NTSTATUS dcesrv_create_binding_sockets(
 		return status;
 	}
 
+	for (i=0; i<num_fds; i++) {
+		bool ok = smb_set_close_on_exec(fds[i]);
+		if (!ok) {
+			status = map_nt_error_from_unix(errno);
+			break;
+		}
+	}
+	if (i < num_fds) {
+		for (i=0; i<num_fds; i++) {
+			close(fds[i]);
+		}
+		TALLOC_FREE(fds);
+		return status;
+	}
+
 	*pfds = fds;
 	*pnum_fds = num_fds;
 	return NT_STATUS_OK;