mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-04 06:46:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa/plugins/support
History
Wim Taymans 7bfa93de05 security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 
File and Resource Handling: Medium

Several file and socket operations were missing the close-on-exec flag,
which causes file descriptors to leak to child processes created via
fork+exec. This could allow child processes unintended access to
privileged resources.

- node-driver.c: SOCK_DGRAM socket for SIOCETHTOOL ioctl leaked to
  child processes
- pw-container.c: Unix domain listen socket leaked to spawned
  container processes
- compress-offload-api.c: ALSA compress-offload device fd leaked to
  child processes

Added O_CLOEXEC to open() calls and SOCK_CLOEXEC to socket() calls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-28 12:20:33 +02:00
..
cpu-arm.c
cpu-riscv.c
cpu-x86.c cpu: add SLOW_GATHER flag 2026-03-19 16:21:35 +01:00
cpu.c
dbus.c support: return NULL instead of FALSE 2026-01-03 22:54:25 +01:00
evl-plugin.c
evl-system.c
journal.c
logger.c spa: support: logger: print thread id for each message 2026-03-12 18:31:46 +01:00
loop.c spa: loop: Mark cancellation fields as volatile 2026-03-12 09:24:53 +00:00
meson.build meson: Search for and link to stdthreads 2024-09-23 08:09:45 +00:00
node-driver.c security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
null-audio-sink.c spa: remove timerspec members 2026-03-26 14:43:54 +01:00
plugin.c
system.c spa: system: make spa_poll_event compatible with epoll_events 2026-04-06 10:24:32 +00:00