mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: add missing O_CLOEXEC flag to V4L2 device open

Browse source 
File and Resource Handling: Medium

The V4L2 device file descriptor was opened without the O_CLOEXEC flag.
If a child process is subsequently spawned (e.g., via fork+exec), the
video device fd would be inherited, potentially allowing the child
process unauthorized access to the camera device.

Fixed by adding O_CLOEXEC to the open() flags.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-28 12:32:19 +02:00
parent a12cc84df4
commit 695f25600b
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
spa/plugins/v4l2/v4l2-utils.c
View file

@ -42,7 +42,7 @@ int spa_v4l2_open(struct spa_v4l2_device *dev, const char *path)
spa_log_info(dev->log, "device is '%s'", path); spa_log_info(dev->log, "device is '%s'", path);
dev->fd = open(path, O_RDWR | O_NONBLOCK, 0); dev->fd = open(path, O_RDWR | O_NONBLOCK | O_CLOEXEC, 0);
if (dev->fd == -1) { if (dev->fd == -1) {
err = errno; err = errno;
spa_log_error(dev->log, "Cannot open '%s': %d, %s", spa_log_error(dev->log, "Cannot open '%s': %d, %s",