mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-30 21:37:53 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa
History
Wim Taymans 4d7c448150 security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 
File and Resource Handling: Medium

Several file and socket operations were missing the close-on-exec flag,
which causes file descriptors to leak to child processes created via
fork+exec. This could allow child processes unintended access to
privileged resources.

- node-driver.c: SOCK_DGRAM socket for SIOCETHTOOL ioctl leaked to
  child processes
- pw-container.c: Unix domain listen socket leaked to spawned
  container processes
- compress-offload-api.c: ALSA compress-offload device fd leaked to
  child processes

Added O_CLOEXEC to open() calls and SOCK_CLOEXEC to socket() calls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-08 13:52:53 +02:00
..
examples spa: examples: fix getopt usage + typos in adapter-control 2025-10-26 14:12:19 +00:00
include channelmix: add some more channelmix positions 2026-01-15 16:43:43 +01:00
include-private/spa-private spa: move dbus helpers out of bluez plugin 2024-02-05 13:03:20 +00:00
lib spa: add audio.layout property 2025-10-30 12:28:07 +01:00
plugins security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-05-08 13:52:53 +02:00
tests tests: fix warning 2025-10-09 09:29:32 +02:00
tools meson.build: make spa-json-dump available for subprojects 2025-07-23 12:19:21 +00:00
meson.build meson: Always use -fno-strict-aliasing and -fno-strict-overflow 2025-07-24 07:30:28 +00:00