On 2023/07/20 20:32, Rafael Sadowski wrote: > On Thu Jul 20, 2023 at 04:31:55PM +0100, Stuart Henderson wrote: > > On 2023/07/20 17:27, Rafael Sadowski wrote: > > > Let's start with a quote from an old try: > > > > > > "Our Xorg server doesn't run under the same uid as the client, the client > > > needs to create the shared memory area with mode 0666. > > > > > > We are doing the same in misc/screen-shm. Of course, the consequence > > > here would be to do it for all Qt applications." > > > > > > -- https://marc.info/?l=openbsd-ports&m=167110468109188&w=2 > > > > > > There was a veto from sthen@, which was perfectly okay and right. For > > > error analysis and to exclude that this function is not used, I need the > > > shm mode from time to time. I would like to solve it with an environment > > > variable (QT_OPENBSD_SHM_MODE). > > > > From that mail, > > > > "What are the consequences of leaving this as-is? (i.e. what's broken > > now that changing this would fix?)" > > > > Nothing is broken and nothing is would fix for now. It just helps me to > debug Qt application or large ecosystem like KDE plasma. When I increase > the debug level I see that shm could not be init and therefore I can not > exclude that exactly this is a problem. > > Long story short: It helps me not to always have to build Qt myself.
so, that wasn't exactly meant as a veto, but I did want to understand why you wanted it, and doing it by default at least makes me feel a bit uneasy. I don't know the full consequences of making these shm files world readble+writable for various Qt software. It does feel that, if in other OS they are private, Qt might be putting more trust in them than mode 666 gives. Bit happier gating it on the environment variable as you've done in this version of the diff (if someone has access to set this, they can probably do much more damage with LD_* vars, so I don't think it makes things worse than that - exception being that LD_* are ignored for setuid/gid). I would like a bit more info in a comment in the patch about the reason for adding it. Might not hurt to use a word like DEBUG in the variable name too if that's what it's intended for?
