Date: Sun, 02 Dec 2001 09:41:35 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: (D J Hawkey Jr) <hawkeyd@visi.com>
Cc: security@FreeBSD.ORG
Subject: Re: options USER_LDT
Message-ID: <XFMail.011202094135.jhb@FreeBSD.org>
In-Reply-To: <200112021259.fB2CxNh62460@sheol.localdomain>

On 02-Dec-01 D J Hawkey Jr wrote:
> In article <XFMail.011201170928.jhb_FreeBSD.org@ns.sol.net>,
> jhb@FreeBSD.ORG writes:
>>
>> On 02-Dec-01 Bruce Evans wrote:
>>> On Sat, 1 Dec 2001, John Baldwin wrote:
>>>
>>>> On 01-Dec-01 Dave wrote:
>>>> >
>>>> > I really have no clue what the kernel option:
>>>> > options USER_LDT
>>>> >
>>>> > means, except this rugged definition I found in LINT (paraphrase):
>>>> > "Allow applications running in user space to manipulate the Local
>>>> > Descriptor Table (LDT)"
>>>> >
>>>> > Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>>>> > someone, somewhere, thought it would be a good idea to have this disabled
>>>> > by default and maybe it was meant to be added in only by people who know
>>>> > what they are doing.
>>>>
>>>> No, it's enabled by default, not disabled by default.
>>>
>>> Er, not in RELENG_4. It can only be enabled by default if it doesn't exist,
>>> as in -current :-).
>>
>> Ah, nm, I misread it thinking that the option was gone from 4.4 completely.
>> To answer the original question then: it's not enabled by default most likely
>> because when it was added as a new feature it was left as an option that was
>> off by default so that any bugs it might have wouldn't bite people who didn't
>> need it.
>
> Um, guys? I think your language is becoming too tortured. Does USER_LDT
> still exist as a kernel option, and is it still doc'd in LINT? Does it
> pose a security risk in the more current releases? And is it enabled now
> by default, or simply depreciated, and no longer a possible "gotcha" in
> running Wine or mplayer?

In 4.4, it is still a kernel option not enabled by default. It poses no
security risk in any release of FreeBSD. In 5.0 it is now on by default and no
longer a kernel option because we decided it has now been tested long enough
and we no longer need a fallback to disable it.

--
John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message