From 5b5952573fe69ee99152f9b1204ffccb0a2ba1f6 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Wed, 13 May 2026 19:18:27 +0530
Subject: [PATCH] build: netfilter.c: replace `system()` with `execv()` (#7159)
---
 src/firejail/netfilter.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index 0458d71d6..9225b72e8 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -66,11 +66,12 @@ void netfilter_netlock(pid_t pid) {
 env_apply_all();
 umask(orig_umask);
- char *cmd;
- if (asprintf(&cmd, "%s -e \"%s/firejail/fnetlock --tail --log=%s\"", terminal, LIBDIR, flog) == -1)
+ char fnetlock_path[] = LIBDIR "/firejail/fnetlock";
+ char *log_arg;
+ if (asprintf(&log_arg, "--log=%s", flog) == -1)
 errExit("asprintf");
- int rv = system(cmd);
- (void) rv;
+ char *exec_args[] = { terminal, "-e", fnetlock_path, "--tail", log_arg, NULL };
+ execv(terminal, exec_args);
 exit(0);
 }
 }
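Review bot: If `execv()` returns it has failed, yet the added code then falls through to `exit(0)`, so a missing or non-executable terminal is reported as success with no diagnostic; follow the call with `errExit("execv");`, as the `asprintf` check just above already does. Two behaviour changes should also be confirmed against the part of `netfilter_netlock` above the hunk, where `terminal` is set: `execv()` does not search `PATH` the way the shell behind `system()` did, so `terminal` has to be a full path, and the command is now passed as separate arguments after `-e` instead of one quoted string, which only works for terminals that treat everything after `-e` as the command line. A short comment such as `/* argv form: flog is never parsed by a shell */` above `exec_args` would record why `system()` was removed.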