[Backport][v1.72]Added #defined to force disable secure_getenv (#39343)#39715
Merged
sreenithi merged 1 commit intogrpc:v1.72.xfrom May 30, 2025
Merged
[Backport][v1.72]Added #defined to force disable secure_getenv (#39343)#39715sreenithi merged 1 commit intogrpc:v1.72.xfrom
sreenithi merged 1 commit intogrpc:v1.72.xfrom
Conversation
Problem: [secure_getenv](https://github.com/grpc/grpc/blob/2dd25392e8951c000eee2f35c9fe66862f9c8883/src/core/util/linux/env.cc#L41) return NULL if linux [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) are added to the executable. As a solution, adding the "GRPC_FORCE_INSECURE_GETENV" We want to discourage its use due to security vulnerabilities mentioned in the [secure_getenv](https://github.com/grpc/grpc/blob/2dd25392e8951c000eee2f35c9fe66862f9c8883/src/core/util/linux/env.cc#L41) man page Closes grpc#39343 COPYBARA_INTEGRATE_REVIEW=grpc#39343 from pawbhard:getenv_wa 999f13a PiperOrigin-RevId: 760926719
Contributor
|
Verified that the failing tests are unrelated to the change, so going ahead to approve, merge and proceed with the patch release. |
sreenithi
approved these changes
May 30, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport #39343 to v1.72.x
Problem: secure_getenv return NULL if linux capabilities are added to the executable.
As a solution, adding the "GRPC_FORCE_INSECURE_GETENV"
We want to discourage its use due to security vulnerabilities mentioned in the secure_getenv man page
Closes #39343
COPYBARA_INTEGRATE_REVIEW=#39343 from pawbhard:getenv_wa 999f13a PiperOrigin-RevId: 760926719