Date: Sat, 1 Dec 2001 02:32:10 -0500
From: "Peter C. Lai"
Reply-To: peter.lai@uconn.edu
To: Dave
Cc: freebsd-security@freebsd.org
Subject: Re: options USER_LDT
Message-ID: <20011201023210.A52949@cowbert.2y.net>

It's for the Linux emulation module. Some Linux ELF binaries require this to run.

On Fri, Nov 30, 2001 at 11:33:12PM -0800, Dave wrote:
>
> I really have no clue what the kernel option:
> options USER_LDT
>
> means, except this rugged definition I found in LINT (paraphrase):
> "Allow applications running in user space to manipulate the Local
> Descriptor Table (LDT)"
>
> Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
> someone, somewhere, thought it would be a good idea to have this disabled
> by default and maybe it was meant to be added in only by people who know
> what they are doing.
>
> Is there a security risk by allowing programs to access the Local
> Descriptor Table? (I'm not sure what the LDT is, but if it was off for a
> reason I wouldn't want to challenge the decisions of those more informed
> than myself. If it wasn't for an efficiency judgement, it could have been
> for a security judgement)
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542
203.206.3784