> I think this should be revisited and changed to 600. It seems like all the methods use 0644. After the change, it's just accessible in the filesystem rather than in the sysv shm ether.
It seems like an API gap, APR can't know what the caller expects to do with it (other than it's not anonymous). Today I guess a caller could run with a more conservative umask, or toggle it around calls to apr_shm_create?
