From 208348ff2ac900d40367219b8cd1db2f9ed6267c Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Mon, 22 Jun 2026 14:35:11 +0200
Subject: [PATCH] conf: use close_range() before execvp()

Avoids leaking fds to the new program.
---
 src/pipewire/conf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pipewire/conf.c b/src/pipewire/conf.c
index 332bb3eeb..4979a858d 100644
--- a/src/pipewire/conf.c
+++ b/src/pipewire/conf.c
@@ -982,6 +982,8 @@ static int do_exec(struct pw_context *context, char *const *argv)
 for (p = argv; *p; ++p)
 spa_strbuf_append(&s, " '%s'", *p);
+ close_range(3, ~0U, CLOSE_RANGE_UNSHARE);
+
 pw_log_info("exec%s", s.buffer);
 res = execvp(argv[0], argv);
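Review bot: The return value of `close_range(3, ~0U, CLOSE_RANGE_UNSHARE)` is discarded, so where the call is unavailable (it fails with ENOSYS on kernels older than Linux 5.9) the descriptors are still inherited by the exec'd program and nothing records that the hardening did not apply; `if (close_range(3, ~0U, CLOSE_RANGE_UNSHARE) < 0) pw_log_warn("close_range failed: %m");` would at least make that visible. The call also sits before `pw_log_info("exec%s", s.buffer)`, so if the logger writes to a descriptor above 2 (a log file or journal socket, not visible in this hunk), that message and anything logged after a failed `execvp()` go to a closed fd. Using `CLOSE_RANGE_CLOEXEC` instead of closing outright would keep logging working until the exec actually succeeds. The body of do_exec starts and ends outside the hunk, so whether a build-time check guards `close_range` on non-Linux or older-libc targets cannot be confirmed from here.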