mirror of
https://gitlab.freedesktop.org/pipewire/pipewire.git
synced 2026-05-03 06:47:04 -04:00
7bfa93de05
File and Resource Handling: Medium Several file and socket operations were missing the close-on-exec flag, which causes file descriptors to leak to child processes created via fork+exec. This could allow child processes unintended access to privileged resources. - node-driver.c: SOCK_DGRAM socket for SIOCETHTOOL ioctl leaked to child processes - pw-container.c: Unix domain listen socket leaked to spawned container processes - compress-offload-api.c: ALSA compress-offload device fd leaked to child processes Added O_CLOEXEC to open() calls and SOCK_CLOEXEC to socket() calls. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| cpu-arm.c | ||
| cpu-riscv.c | ||
| cpu-x86.c | ||
| cpu.c | ||
| dbus.c | ||
| evl-plugin.c | ||
| evl-system.c | ||
| journal.c | ||
| logger.c | ||
| loop.c | ||
| meson.build | ||
| node-driver.c | ||
| null-audio-sink.c | ||
| plugin.c | ||
| system.c | ||