Date: Sat, 01 Dec 2001 15:32:03 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: Dave <mudman@R181172.resnet.ucsb.edu>
Cc: freebsd-security@freebsd.org
Subject: RE: options USER_LDT
Message-ID: <XFMail.011201153203.jhb@FreeBSD.org>
In-Reply-To: <Pine.BSF.4.33.0111302322520.763-100000@R181172.resnet.ucsb.edu>
On 01-Dec-01 Dave wrote:
>
> I really have no clue what the kernel option:
> options USER_LDT
>
> means, except this rugged definition I found in LINT (paraphrase):
> "Allow applications running in user space to manipulate the Local
> Descriptor Table (LDT)"
>
> Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
> someone, somewhere, thought it would be a good idea to have this disabled
> by default and maybe it was meant to be added in only by people who know
> what they are doing.

No, it's enabled by default, not disabled by default.

> Is there a security risk by allowing programs to access the Local
> Descriptor Table? (I'm not sure what the LDT is, but if it was off for a
> reason I wouldn't want to challenge the decisions of those more informed
> than myself. If it wasn't for an efficiency judgement, it could have been
> for a security judgement)

There shouldn't be, since each program has its own LDT if it uses the syscalls to set one up. It can't use the LDT to look outside of its own address space since the addresses that come out of the LDT still have to go through the page tables.

--
John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
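The two-stage translation John describes (segment descriptor first, page tables second), shown as an added illustration that is not part of this thread and not FreeBSD kernel code: a constructed C model in which a per-process LDT descriptor yields a linear address that must still be resolved through that process's own page table. The descriptor fields, the flat 16-entry page table and the sample mappings are all assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model of an LDT data-segment descriptor: only the fields
 * used for address formation (real ones also carry DPL, type, granularity). */
typedef struct { uint32_t base; uint32_t limit; } segdesc_t;

/* Constructed toy page table for ONE process: 4 KiB pages, flat array
 * indexed by virtual page number; a 0 entry means "not mapped". */
#define PAGE_SHIFT 12
#define NPAGES 16u
static uint32_t page_table[NPAGES];
enum xlate { XLATE_OK, XLATE_GP, XLATE_PF };

/* Stage 1 (segmentation): offset -> linear address, limit-checked. */
static enum xlate seg_translate(const segdesc_t *d, uint32_t off, uint32_t *lin)
{
    if (off > d->limit) return XLATE_GP;   /* #GP: beyond segment limit */
    *lin = d->base + off;                  /* 32-bit wrap, as on i386 */
    return XLATE_OK;
}

/* Stage 2 (paging): linear -> physical through this process's page table;
 * a user-chosen segment base cannot skip this step. */
static enum xlate page_translate(uint32_t lin, uint32_t *phys)
{
    uint32_t vpn = lin >> PAGE_SHIFT;
    if (vpn >= NPAGES || page_table[vpn] == 0) return XLATE_PF; /* #PF */
    *phys = page_table[vpn] | (lin & ((1u << PAGE_SHIFT) - 1));
    return XLATE_OK;
}

/* A memory access through an LDT segment goes through both stages. */
enum xlate ldt_access(const segdesc_t *d, uint32_t off, uint32_t *phys)
{
    uint32_t lin;
    enum xlate r = seg_translate(d, off, &lin);
    return r == XLATE_OK ? page_translate(lin, phys) : r;
}
/* Map two pages for the demo process (constructed sample mappings). */
void setup_demo_mappings(void) { page_table[1] = 0x40000; page_table[2] = 0x41000; }

int main(void)
{
    uint32_t phys = 0;
    segdesc_t own = { 0x1000, 0x1fff }, rogue = { 0xb0000000, 0xffffffff };
    setup_demo_mappings();
    enum xlate r = ldt_access(&own, 0x10, &phys);
    printf("own  +0x10: %d phys=0x%x\n", r, phys);
    printf("rogue +0: %d (#PF, not another process's memory)\n", ldt_access(&rogue, 0, &phys));
    return 0;
}
```

A descriptor whose base points outside the process's mappings faults at stage 2 instead of reading anything, which is the property the reply relies on.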