Re: Apache + mod_php performance

On 10/11/24 12:45 PM, Dan Cross wrote:

In article <vebjse$3nq13$1@dont-email.me>,
Dave Froble  <davef@tsoft-inc.com> wrote:

On 10/11/2024 9:30 AM, Dan Cross wrote:

[snip]
As I gather, on VMS the analogous mechanism works since a) every
socket on the system is associated with a unique device name in
some global namespace, and b) once known, an unrelated process
can $ASSIGN that device name, subject to authorization checking
enforced by the system.  The authorization checks seem to be
either, a) a process/subprocess relationship, or b) the
assigning process has the SHARE privilege; it's not clear to me
what else could go into those checks and how that interacts with
e.g. SO_SHARE; presumably at least UIC checks or something must
be completed?

>
The share flag is for the device.

 Ok, sure.  But does that mean that there's _no_ authorization
checking of any kind to access the device?  For example, no
checking UICs or ACLs or something?  If I set SO_SHARE on a
socket, can _any_ process on the system, regardless of who it is
running as, access that socket?

$ show device/full
on any BG device shows normal-looking device protections just as you
would see on any other device, e.g.:
Dev Prot    S:RWPL,O:RWPL,G:RWPL,W:RWPL
I don't think socket sharing is a privilege any more than file sharing
is; more likely it's just a hint to the driver that it needs to do extra
work to keep its internal state consistent when two processes are
accessing it.
There is an old Ask-the-Wizard article about socket sharing that uses a
mailbox to send the BG device name to the child process:
https://forum.vmssoftware.com/viewtopic.php?f=35&t=3511&p=7513
The example code sends UCX$C_SHARE using the QIO interface rather than
SO_SHARE and setsockopt(); I'm guessing it amounts to the same thing but
I can't find current relevant documentation for either.