From owner-freebsd-security  Sat Dec  1 15:32: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail11.speakeasy.net (mail11.speakeasy.net [216.254.0.211])
	by hub.freebsd.org (Postfix) with ESMTP id 02BCC37B417
	for <freebsd-security@FreeBSD.ORG>; Sat,  1 Dec 2001 15:32:05 -0800 (PST)
Received: (qmail 12319 invoked from network); 1 Dec 2001 23:32:46 -0000
Received: from unknown (HELO laptop.baldwin.cx) ([64.81.54.73]) (envelope-sender <jhb@FreeBSD.org>)
          by mail11.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <scott@bsdprophet.org>; 1 Dec 2001 23:32:46 -0000
Message-ID: <XFMail.011201153204.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <3C08E711.A4B08098@bsdprophet.org>
Date: Sat, 01 Dec 2001 15:32:04 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: scott <scott@bsdprophet.org>
Subject: Re: options USER_LDT
Cc: freebsd-security@FreeBSD.ORG,
	Dave <mudman@R181172.resnet.ucsb.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On 01-Dec-01 scott wrote:
> Dave wrote:
>> 
>> I really have no clue what the kernel option:
>> options USER_LDT
>> 
>> means, except this rugged definition I found in LINT (paraphrase):
>> "Allow applications running in user space to manipulate the Local
>> Descriptor Table (LDT)"
>> 
>> Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>> someone, somewhere, thought it would be a good idea to have this disabled
>> by default and maybe it was meant to be added in only by people who know
>> what they are doing.
>> 
>> Is there a security risk by allowing programs to access the Local
>> Descriptor Table?  (I'm not sure what the LDT is, but if it was off for a
>> reason I wouldn't want to challenge the decisions of those more informed
>> than myself.  If it wasn't for an efficiency judgement, it could of been
>> for a security judgement)
> 
> Yes there is a security risk.
> Here read all about it:
> http://www.phrack.org/show.php?p=51&a=9

What in the _world_ does this have to do with _LDT_ (aka Local Descriptor
Table).  This is talking about making a LKM (Loadable Kernel Module) which is
an entirely separate issue from LDT.  I don't know of any security problems
with LDT's, please stop spreading FUD.

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message