Article <vec5bu$oa3$1@reader1.panix.com>

Deutsch English Français Italiano
<vec5bu$oa3$1@reader1.panix.com>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!weretis.net!feeder9.news.weretis.net!panix!.POSTED.spitfire.i.gajendra.net!not-for-mail
From: cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups: comp.os.vms
Subject: Re: Apache + mod_php performance
Date: Fri, 11 Oct 2024 21:29:34 -0000 (UTC)
Organization: PANIX Public Access Internet and UNIX, NYC
Message-ID: <vec5bu$oa3$1@reader1.panix.com>
References: <vcv0bl$39mnj$1@dont-email.me> <vebjse$3nq13$1@dont-email.me> <vebo7q$5b8$1@reader1.panix.com> <vec4sb$3qc1e$1@dont-email.me>
Injection-Date: Fri, 11 Oct 2024 21:29:34 -0000 (UTC)
Injection-Info: reader1.panix.com; posting-host="spitfire.i.gajendra.net:166.84.136.80";
	logging-data="24899"; mail-complaints-to="abuse@panix.com"
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: cross@spitfire.i.gajendra.net (Dan Cross)
Bytes: 2450
Lines: 35

In article <vec4sb$3qc1e$1@dont-email.me>,
Dave Froble  <davef@tsoft-inc.com> wrote:
>On 10/11/2024 1:45 PM, Dan Cross wrote:
>> In article <vebjse$3nq13$1@dont-email.me>,
>> Dave Froble  <davef@tsoft-inc.com> wrote:
>>> On 10/11/2024 9:30 AM, Dan Cross wrote:
>>>> [snip]
>>>> As I gather, on VMS the analogous mechanism works since a) every
>>>> socket on the system is associated with a unique device name in
>>>> some global namespace, and b) once known, an unrelated process
>>>> can $ASSIGN that device name, subject to authorization checking
>>>> enforced by the system.  The authorization checks seem to be
>>>> either, a) a process/subprocess relationship, or b) the
>>>> assigning process has the SHARE privilege; it's not clear to me
>>>> what else could go into those checks and how that interacts with
>>>> e.g. SO_SHARE; presumably at least UIC checks or something must
>>>> be completed?
>>>
>>> The share flag is for the device.
>>
>> Ok, sure.  But does that mean that there's _no_ authorization
>> checking of any kind to access the device?  For example, no
>> checking UICs or ACLs or something?  If I set SO_SHARE on a
>> socket, can _any_ process on the system, regardless of who it is
>> running as, access that socket?
>
>Dan, it's been quite a while, so I'd have to research that question.
>
>If I had to guess, I'd expect all VMS protections and such to be respected.  I 
>doubt one could just go out and access any BG device without having access.

I should hope so, Dave, but as it is, it looks under
documented at best.

	- Dan C.