From: hawkeyd@visi.com (D J Hawkey Jr)
Date: Sun, 2 Dec 2001 06:59:23 -0600 (CST)
Message-Id: <200112021259.fB2CxNh62460@sheol.localdomain>
Subject: Re: options USER_LDT
To: jhb@FreeBSD.ORG, security@FreeBSD.ORG

In article , jhb@FreeBSD.ORG writes:
>
> On 02-Dec-01 Bruce Evans wrote:
>> On Sat, 1 Dec 2001, John Baldwin wrote:
>>
>>> On 01-Dec-01 Dave wrote:
>>> >
>>> > I really have no clue what the kernel option:
>>> > options USER_LDT
>>> >
>>> > means, except this rugged definition I found in LINT (paraphrase):
>>> > "Allow applications running in user space to manipulate the Local
>>> > Descriptor Table (LDT)"
>>> >
>>> > Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>>> > someone, somewhere, thought it would be a good idea to have this disabled
>>> > by default and maybe it was meant to be added in only by people who know
>>> > what they are doing.
>>>
>>> No, it's enabled by default, not disabled by default.
>>
>> Er, not in RELENG_4. It can only be enabled by default if it doesn't exist,
>> as in -current :-).
>
> Ah, nm, I misread it thinking that the option was gone from 4.4 completely. To
> answer the original question then: it's not enabled by default most likely
> because when it was added as a new feature it was left as an option that was
> off by default so that any bugs it might have wouldn't bite people who didn't
> need it.

Um, guys? I think your language is becoming too tortured.

Does USER_LDT still exist as a kernel option, and is it still doc'd in LINT?
Does it pose a security risk in the more current releases? And is it enabled
now by default, or simply deprecated, and no longer a possible "gotcha" in
running Wine or mplayer?

>> Bruce

Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"