http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16056
Anthony, I like the gist of your patch, but your ownership observations were correct; we can't implement this patch as written. This was just addressed in recent Apache releases and will continue to be tightened, not loosened.
Bugger.
But I like the idea so much I believe we should do the same for mutex objects, and eliminate unixd_set_proc_mutex_perms() and unixd_set_global_mutex_perms() from the mainline code.
Yes. I thought this looks a little like a kludge.
The APR is very nice when you consider what it accomplishes. I figured in order to handle target ownership & permissions, you either:So how can we roll these into APR? That's a bitter question, since we open up either the internals of APR or we end up narrowing the functionality to some defined subset.
a) add three new parameters to apr_shm_create() for target owner and permissions; or
b) avoid the unix trick of deleting an open file handle/object in advance; then provide an apr_shm_set_owner() that sets ownership and permissions in a unix world and is a noop in other worlds. This would mean the shared memory release would be a cleanup handler. (Likewise for mutexes).
The second solution is what I implemented in mod_watch/3 for Apache 1.3 (see Shared.[ch] and Mutex.[ch]).
My future port of mod_become would require this, since its sole purpose in life is setuid/gid or seteuid/gid the child process to that of the file-owner.I'm working up a list of 'objects' that might need permissions/uid/gid redefinition, if the process expects to setuid later. I'm working with that list of apr_foo_create()
--
Anthony C Howe +33 6 11 89 73 78
http://www.snert.com/ ICQ: 7116561 AIM: Sir Wumpus
"Will the real email please stand up..."
