Shared memory handles
Shared memory handles let you share buffers among processes without using public pathnames.
As an extension to POSIX, QNX OS supports shm_create_handle(). The creator of the shared memory object can use this function to create a unique, single-use handle that a specific process can use to access the object in a mode that's as privileged as or less privileged than what's indicated in the flags passed to the function.
The process that wants to access the shared memory object can call shm_open_handle() to get a file descriptor that it can pass to mmap(). This is more secure because the shared memory object needn't have a publicly known path, although it does still involve a file descriptor, which the process could keep and use to map the shared memory object even after currently existing mappings have been revoked. There are cases where a file descriptor is necessary. For example:
- The recipient might need to create its own handle for the shared memory object and pass it on to other processes.
- The recipient might need to call shm_ctl(), which takes a file descriptor as an argument.
For even greater security—if the recipient doesn't need a file descriptor—the creator can pass the SHM_CREATE_HANDLE_OPT_NOFD flag to shm_create_handle(). This flag makes the function create a handle that can't be converted into a file descriptor. In order to map the shared memory object into its address space, the recipient passes the handle to mmap_handle(). Again, this handle can be used only once.
If the shared memory object is revocable, unused handles are deleted when the creator revokes the mapping, to ensure that the other process doesn't have any reference to the object anymore.
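The handle rules described above, captured as a small state model. This is an added example, not QNX code, and it does not call the real API. All names (model_*, H_*, ACC_*) are hypothetical, and two behaviours are assumptions the text does not state: a failed attempt leaves the handle intact, and the no-fd path accepts handles created without SHM_CREATE_HANDLE_OPT_NOFD.

```c
/* Constructed model of the handle rules in the text; not the QNX API.
   Every identifier below is hypothetical. */
enum { ACC_READ = 1, ACC_WRITE = 2 };   /* access bits (model only) */
enum { H_OK = 0, H_EBADHANDLE = -1, H_EWRONGPROC = -2,
       H_EACCESS = -3, H_ENOFD = -4 };  /* result codes (model only) */

struct handle { int live; int pid; int max_access; int nofd; };
#define MAX_HANDLES 8
static struct handle table[MAX_HANDLES];
static int next_id;                     /* ids are never reused: each handle is unique */

/* Creator side: issue a handle bound to one recipient pid and an access ceiling. */
int model_create_handle(int pid, int max_access, int nofd) {
    if (next_id >= MAX_HANDLES) return H_EBADHANDLE;
    table[next_id] = (struct handle){1, pid, max_access, nofd};
    return next_id++;
}

/* Shared checks: the handle exists and is unused, the caller is the named
   process, and the requested access does not exceed what the creator allowed. */
static int redeem(int h, int caller, int want, int want_fd) {
    if (h < 0 || h >= next_id || !table[h].live) return H_EBADHANDLE;
    if (table[h].pid != caller) return H_EWRONGPROC;
    if (want & ~table[h].max_access) return H_EACCESS;
    if (want_fd && table[h].nofd) return H_ENOFD;  /* NOFD: no descriptor, ever */
    table[h].live = 0;                             /* single use: consumed on success */
    return H_OK;
}

/* Recipient side: the descriptor path (models shm_open_handle()) ... */
int model_open_handle(int h, int caller, int want) { return redeem(h, caller, want, 1); }
/* ... and the descriptor-free path (models mmap_handle()). */
int model_map_handle(int h, int caller, int want) { return redeem(h, caller, want, 0); }

/* Revoking a revocable object deletes every handle that has not been used yet.
   Returns how many handles were deleted. */
int model_revoke(void) {
    int deleted = 0;
    for (int i = 0; i < next_id; i++)
        if (table[i].live) { table[i].live = 0; deleted++; }
    return deleted;
}
```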
For the steps to follow, see Putting it all together: using handles with anonymous, revocable shared memory objects, below.