httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject RE: New Win32 apr_stat(), apr_lstat() performance
Date Mon, 13 Nov 2000 14:51:35 GMT
> From: []
> Sent: Monday, November 13, 2000 2:23 AM
> In a message dated 00-11-12 13:15:54 EST, William Rowe writes...
> > Gathering the owner user and group SID, as well as the DACL 
> > (discressionary permissions, rather than system permissions, 
> > or SACL, which we are unlikely to have access to) for the 
> > owner, group and world:
>   0001BFB4   428  RtlGetSaclSecurityDescriptor     <- SACL system permissions

The call -supports- the SACL.  But the SACL effectivly requires
Admin + (e.g. root) access, and we are unlikely to ever expect
the user to run Apache server as root.

> If you really want the best file/directory/security/user/group
> info under Win32/64 ( inlcuding best DACL/SACL ) and you 
> want the best performance possible then forget the Win32/64 
> ring 3 API calls. They are always going to be dogs. You have 
> to get 'underneath' the Win32/64 API to really rock and roll.

Agreed, a true nt api offers a number of advantages, and it's in
consideration -after- we roll a 2.0 beta.  But don't misunderstand,
we still have ring 3->0 transitions in any case (we will never 
distribute an Apache or APR running in ring 0 for security reasons
alone.)  The second issue revolves around ntdll.h ... I already
have an issue when I added the newer ISAPI structures, and don't
plan on forcing every Win32 user to pull down the DDK to compile.

The native API may prove to offer better performance, but it won't 
be orders of magnitude, which is exactly the problem the the 
benchmark demonstrated.  

Thank you for pointing out the distinction, I've been considering
this possibility since I first looked at APR, but rejected moving
yet for all the reasons I just pointed out.  It's not off the table,
the idea is just on hold for now.


View raw message