New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 717393 link

Starred by 1 user
Status: Duplicate
Merged: issue 717558
Owner:
jmad...@chromium.org
Closed: May 2017
Cc:
mgiuca@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Compile warning: vulkan-validation-layers: "Falling back to non-secure getenv for environmental lookups"

Project Member Reported by mgiuca@chromium.org, May 2 2017 
Chrome Version: r468542
OS: Linux

CC obj/third_party/angle/src/vulkan_support/vulkan_loader/loader.o
../../third_party/vulkan-validation-layers/src/loader/loader.c:222:9: warning: Warning:  Falling back to non-secure getenv for environmental lookups!  Consider updating to a different libc. [-W#pragma-messages]
#pragma message("Warning:  Falling back to non-secure getenv for environmental lookups!  Consider" \
        ^
1 warning generated.

Marking security since the warning is a security warning. Should be investigated by the GPU team?

Comment 1 by mgiuca@chromium.org, May 2 2017

Labels: -Type-Bug -Pri-3 Pri-1 Type-Bug-Security
Setting flags.

Comment 2 by mgiuca@chromium.org, May 2 2017 

I don't really understand what secure_getenv() buys you from a security standpoint.

https://linux.die.net/man/3/secure_getenv

But there's the man page. At least on my local machine, both HAVE_SECURE_GETENV and HAVE___SECURE_GETENV are not defined, so it falls back to regular getenv().

Comment 3 by och...@chromium.org, May 2 2017

Components: Security
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: jmad...@chromium.org
Status: Assigned (was: Untriaged)
Taking this out of the security queue and assigning it the security component instead.

jmadill, could you please take a look?

Comment 4 by geoffl...@chromium.org, May 2 2017

Mergedinto: 717558
Status: Duplicate (was: Assigned)
Merging this into the existing bug

Sign in to add a comment