On Thu, 7 Nov 2002, Ward, Garry wrote: > " Today, you cannot make > a distinction between trusting apache itself, and trusting any apache > module, since they both run in the same address space, and therefore > have full read and write access to that address space." > > Which, in the S/390 CICS world is handled by the "domain" concept; CICS systems >modules run in one domain and can interface with the OS in ways that the CICS >applications can not becasue of the protection keys that the s/390 hardware supports.
I know nothing of the domain concept. Apache may be constrained by the facilities proved by its software environment (gcc and the Linux kernel), but the 80386 hardware implements four levels of protection which could be used to provide this kind of protection. However, use of this hardware facility is incompatible with the flat memory model. In the 80386 these levels are hierarchic whereas on S/370 the privilege association with protect keys 1-15 is done in software. -- Cheers John. Please, no off-list mail. You will fall foul of my spam treatment. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
