On 2/8/23 11:06 PM, Michael Brunnbauer wrote:
>
> hi all,
>
> I upgraded to apr-1.7.2 and apr-util-1.6.3 today and ran into an issue where
> Apache 2.4.55 would not start any more because it could not open the
> ScoreBoardFile and/or SSLSessionCache. This is apparently caused by this
> change:
>
> *) configure: Prefer posix name-based shared memory over SysV IPC.
> [Jim Jagielski]
>
> Some of my systems did not have the /dev/shm directory and on most where it
> existed, it was a normal directory, not a tmpfs. Creating the directory
> fixes the problem but I figured that I better install a tmpfs everywhere.
> But if I do that, Apache creates world readable files:
>
> -rw-r--r-- 1 root root 96320 Feb 8 22:56 ShM.5c729b24H72d5072a
>
> I think this is the ScoreBoardFile from Apache. Should it be world readable?
> If no: Did I make a mistake?
I think the answer to both questions is no.
The decision to use 644 as file permissions in this case is very old though:
http://svn.apache.org/viewvc?view=revision&revision=65135
http://svn.apache.org/viewvc?view=revision&revision=1561260
But it was was already questioned a long time ago here:
http://svn.apache.org/viewvc?view=revision&revision=1561384
I think this should be revisited and changed to 600.
Furthermore I think we should amend
http://svn.apache.org/viewvc?view=revision&revision=1901037
to allow reverting that decision by a switch just like the --enable-posix-shm .
AIX already defaults back to SysV SHM:
http://svn.apache.org/viewvc?view=revision&revision=1906825
Regards
RĂ¼diger
