[Configuration]Support bearer tokens in cluster #10
Thanks for doing this PR, I added some comments.
5abbe41 to f7cbbf4
Thank you @brendandburns I have updated the code.
kubernetes/config/incluster_config.c
Outdated
{ | ||
static char fname[] = "setBasePathInCluster()"; | ||
|
||
const char *service_host_env = getenv(SERVICE_HOST_ENV_NAME); |
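Review bot: service_host_env on the last line is NULL when SERVICE_HOST_ENV_NAME is unset, so it needs a NULL check with an error return before the value is used to build the base path. Separately, the fname string on the second line repeats the function name by hand and can go stale after a rename; __func__ gives the same text without a copy, or at least declare the array as static const char.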
We should switch to secure_getenv
see the recommendations here:
https://www.gnu.org/software/libc/manual/html_node/Environment-Access.html
"General-purpose libraries should always prefer this function over getenv to avoid vulnerabilities if the library is referenced from a SUID/SGID program."
It's OK. I have updated it. And I added #define _GNU_SOURCE to the source code because it is required by the function secure_getenv (http://man7.org/linux/man-pages/man3/getenv.3.html):
"Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
secure_getenv(): _GNU_SOURCE"
If _GNU_SOURCE is not defined, my example program will core-dump.
141 kubeconfig_env = secure_getenv(ENV_KUBECONFIG);
(gdb)
142 if (kubeconfig_env) {
(gdb) p kubeconfig_env
$1 = 0x0
(gdb) n
145 homedir_env = secure_getenv(ENV_HOME);
(gdb) n
146 if (homedir_env) {
(gdb) p homedir_env
$2 = 0xffffffffffffe9d1 <error: Cannot access memory at address 0xffffffffffffe9d1>
(gdb) n
147 configFileName = calloc(strlen(homedir_env) + strlen(KUBE_CONFIG_DEFAULT_LOCATION) + 1, sizeof(char));
(gdb) s
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:52
52 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb) n
53 in ../sysdeps/x86_64/multiarch/strlen-avx2.S
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
62 in ../sysdeps/x86_64/multiarch/strlen-avx2.S
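An added example, not code from this PR or the project: a path lookup in the shape of the lines in the gdb listing above, with _GNU_SOURCE defined before the includes so secure_getenv has a real prototype and every result is NULL-checked before strlen. The macro values, the extra prototype and resolve_kubeconfig_path are assumptions made for illustration.

```c
/* Must precede every #include: glibc declares secure_getenv() only under
 * _GNU_SOURCE. With no prototype, older compilers only warn and assume the
 * function returns int, which truncates the 64-bit pointer it hands back. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype: keeps the return type correct even if this file is
 * pulled into a unit that included libc headers before the define. */
char *secure_getenv(const char *name);

/* Names follow the gdb listing; the values are assumed for this example. */
#define ENV_KUBECONFIG "KUBECONFIG"
#define ENV_HOME "HOME"
#define KUBE_CONFIG_DEFAULT_LOCATION "/.kube/config"

/* Hypothetical helper. Returns a malloc'd path the caller frees, or NULL if
 * neither variable is usable (unset, empty, or secure-execution mode). */
char *resolve_kubeconfig_path(void)
{
    const char *kubeconfig = secure_getenv(ENV_KUBECONFIG);
    if (kubeconfig != NULL && kubeconfig[0] != '\0')
        return strdup(kubeconfig);

    const char *home = secure_getenv(ENV_HOME);
    if (home == NULL || home[0] == '\0')
        return NULL;            /* never pass NULL on to strlen() */

    size_t len = strlen(home) + strlen(KUBE_CONFIG_DEFAULT_LOCATION) + 1;
    char *path = calloc(len, sizeof(char));
    if (path != NULL)
        snprintf(path, len, "%s%s", home, KUBE_CONFIG_DEFAULT_LOCATION);
    return path;
}

int main(void)
{
    char *path = resolve_kubeconfig_path();
    if (path == NULL) {
        fprintf(stderr, "no kubeconfig path: KUBECONFIG and HOME unavailable\n");
        return 1;
    }
    printf("%s\n", path);
    free(path);
    return 0;
}
```

Building with -Werror=implicit-function-declaration turns a missing prototype into a compile error instead of a crash at run time.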
Sorry one more comment on
f7cbbf4 to 504f452
Thank you @brendandburns! The code is updated.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: brendandburns, ityuhui The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Load bearer tokens and CA file inside cluster.
/cc @brendandburns