From: John Baldwin (jhbFreeBSD.org)
Date: Sat Dec 01 2001 - 17:32:04 CST


    On 01-Dec-01 scott wrote:
    > Dave wrote:
    >>
    >> I really have no clue what the kernel option:
    >> options USER_LDT
    >>
    >> means, except this rugged definition I found in LINT (paraphrase):
    >> "Allow applications running in user space to manipulate the Local
    >> Descriptor Table (LDT)"
    >>
    >> Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
    >> someone, somewhere, thought it would be a good idea to have this disabled
    >> by default and maybe it was meant to be added in only by people who know
    >> what they are doing.
    >>
    >> Is there a security risk by allowing programs to access the Local
    >> Descriptor Table? (I'm not sure what the LDT is, but if it was off for a
    >> reason I wouldn't want to challenge the decisions of those more informed
    >> than myself. If it wasn't for an efficiency judgement, it could have been
    >> for a security judgement)
    >
    > Yes there is a security risk.
    > Here read all about it:
    > http://www.phrack.org/show.php?p=51&a=9

    What in the _world_ does this have to do with _LDT_ (aka Local Descriptor
    Table)? This is talking about making an LKM (Loadable Kernel Module), which is
    an entirely separate issue from LDT. I don't know of any security problems
    with LDTs; please stop spreading FUD.

    -- 
    

    John Baldwin <jhbFreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
    "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
