Just to provide a little background on NetWare (and if you don't care, don't read any further). NetWare is not your standard general purpose operating system. NetWare was originally designed and built to be a high performance, highly scalable and very secure file and print server. Over the years it has evolved into something that sits somewhere between its original design purpose and a general purpose OS. In order to achieve the performance levels that it does, as much overhead as possible was eliminated, which includes the concept of processes and what most people understand to be address spaces. Everything that runs on NetWare runs as a thread in Kernel address space.

The idea of a separate address space or "Protected Address Space" (as it is called around here) didn't show up in NetWare until NetWare 5 (I think that was the first version). Basically a protected address space is just that. NetWare allocates a separate address space in which it is able to run an application. In order for an application to run in this address space, everything that it depends on has to be loaded in that address space. This means code as well as data. A protected address space on NetWare could probably be thought of more as a virtual machine than a process. This is why it is so expensive to spin up a CGI in a separate address space on NetWare.

But running everything in kernel address space is not as scary as it sounds on NetWare. If you have a wild module that causes the Apache instance to abend (another old time term that is still widely used when referring to NetWare), it will bring Apache down, but the OS is smart enough to isolate the offending application and still allow the server to continue running. The downside is that the only way to clear an abend in kernel address space is to restart the server, while an abend in a protected address space can simply be unloaded and cleared.

Some NetWare administrators will choose to run applications like Apache in a protected address space simply for the ability to easily clean it up if something goes wrong. But by doing so they sacrifice some level of performance of the web server as well as system resources. Others may consider applications like Apache to be so stable and the performance hit so great that they are comfortable running them in kernel address space. For the most part, this is the case. But Apache is a long lived application. Once it is spun up and running, the overhead is gone. CGIs, as we all know, can come and go at any time. Because of the same performance reason, other platforms have been able to increase performance by using mod_cgid rather than mod_cgi to avoid the same type of process creation overhead. But on NetWare, not only is starting up a CGI in protected address space much more expensive than forking a process on other platforms, we don't have fork/exec on NetWare.

The bottom line is that because of the nature of the NetWare OS, it is much more efficient and much easier to run things in kernel address space. It is just the nature of the OS. What's the benefit? Performance, scalability and yes, security. (OK, that sounds a lot like a marketing line, but it's true.)

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com

>>> [EMAIL PROTECTED] Tuesday, June 22, 2004 8:34:54 PM >>>
Uh, then may I follow up with another stupid, obvious question, if using another address space insulates the parent application and, in some cases, the server from a crash resulting from an unstable module, why do they all use the same address space on Novell? Does this compromise a security measure in the case of a module fail or crash?

--
--------------------
Wayne S. Frazee
"Any sufficiently developed bug is indistinguishable from a feature."

On Tue, 2004-06-22 at 16:49, Jean-Jacques Clar wrote:
> >Can I ask the obvious, then? When would a separate address space
> >be desirable for an apr-based app to invoke a child/forked process?
>
> It is a desirable option mainly for developers using unstable modules
> to ensure the child process will not kill the parent application, or the server,
> in case a major problem happens inside the child.
> By default on NetWare, the http server and all of its child processes are
> started in the same address space.