mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-30 21:37:53 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa/plugins
History
Wim Taymans 4d7c448150 security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 
File and Resource Handling: Medium

Several file and socket operations were missing the close-on-exec flag,
which causes file descriptors to leak to child processes created via
fork+exec. This could allow child processes unintended access to
privileged resources.

- node-driver.c: SOCK_DGRAM socket for SIOCETHTOOL ioctl leaked to
  child processes
- pw-container.c: Unix domain listen socket leaked to spawned
  container processes
- compress-offload-api.c: ALSA compress-offload device fd leaked to
  child processes

Added O_CLOEXEC to open() calls and SOCK_CLOEXEC to socket() calls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-08 13:52:53 +02:00
..
aec spa: aec: webrtc: Expose echo canceller mobile_mode 2025-07-09 13:02:18 -04:00
alsa security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-05-08 13:52:53 +02:00
audioconvert spa: limit the number of buffer blocks 2026-05-08 12:17:50 +02:00
audiomixer audiomixer: rate limit the "out of buffers" debug 2026-04-28 12:11:42 +02:00
audiotestsrc audiotestsrc: Operate as follower too 2025-12-16 13:15:00 +01:00
avb modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
bluez5 bluez5: more MT7925 quirks 2026-04-19 19:15:23 +03:00
control mixer: handle control.ump property 2026-04-07 10:08:14 +02:00
ffmpeg spa: use log topics everywhere 2024-03-11 18:45:21 +02:00
filter-graph filter-graph: error when there are no valid nodes 2026-05-08 13:28:28 +02:00
jack *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
libcamera spa: libcamera: use std::span 2026-03-28 01:22:27 +01:00
support security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-05-08 13:52:53 +02:00
test spa: make the wave, pattern and ditherType Int 2025-06-13 10:06:09 +02:00
v4l2 v4l2: use 0x as the prefix for hex values 2026-03-09 16:28:15 +01:00
videoconvert spa: limit the number of buffer blocks 2026-05-08 12:17:50 +02:00
videotestsrc loop: spa_loop_invoke -> spa_loop_locked where possible 2025-05-30 11:59:35 +02:00
volume treewide: access the position information using helpers 2025-10-21 13:06:25 +02:00
vulkan spa: vulkan: map VK_INCOMPLETE to ENOSPC 2025-07-12 19:54:14 +00:00
meson.build filter-chain: move the filter-graph to plugins 2024-11-13 11:12:06 +01:00