On 2/10/23 2:42 AM, Eric Covener wrote:
>> I think this should be revisited and changed to 600.
>
> It seems like all the methods use 0644. After the change, it's just
> accessible in the filesystem rather than in the sysv shm ether.
>
> It seems like an API gap, APR can't know what the caller expects to do
> with it (other than it's not anonymous).
> Today I guess a caller could run with a more conservative umask, or
> toggle it around calls to apr_shm_create?
>
I would like to see a more restrictive default, but this cannot be reverted via
umask. Furthermore we are currently inconsistent as we use 600 for SysV SHM,
but 644
for Posix one.
Maybe time for an
apr_shm_perms_set?
Regards
RĂ¼diger
