I can think of two solutions for this now, possible other ones are welcome:
-- make HUGE_CS have a lower DPL (more privileged);
-- move user descriptors to the LDTs, seems like the Right Thing to do, but
requires a bit too many changes to the existing code; this would also allow
making the data segments non-executable for some processes.
I used the first solution for now, running that right now, as usual. Moved
HUGE_CS to DPL=2 (only privilege levels 0 and 3 were used earlier), and also
had to create a new descriptor for stack, with DPL=2.
I got 100+ messages on the subject in my mailbox right now, I'll be answering
them later today (personally, not to the list), got other stuff to do now.
But I considered answering your message now, since it's the only one with
really new stuff in it. :)
Signed,
Solar Designer