Red Hat Inc. Tuesday released its latest patch, Update 3, to its flagship server operating system, Red Hat Enterprise Linux 3.
RHEL(Red Hat Enterprise Linux)subscribers can download this latest update from the Red Hat Network. This latest Red Hat update features several security enhancements, which had originally been targeted for delivery in early 2005.
The new updates security features includes Exec-shield and PIE (Position Independent Executable) features. These provide protection against stack, buffer or function pointer overflows, and against other types of security exploits that rely on overwriting data structures in memory.
Exec-shield works by having the kernel transparently track how programs map their memory, and maintains a maximum executable address value for each application, the exec-limit. Exec-shield works transparently, so there is no need to rewrite or recompile any applications for it to work.
PIE works with Exec-shield by randomly selecting where a particular program will reside in main memory. This way, attacks that depend on insider knowledge of how an application normally allocates its memory, will fail.
In addition, Red Hat has extended NX (No Execute) support from the Intel Corp. Itanium2 processor family to include other chips that can be made to support it such as the Intel x86, Intel EM64T (Extended Memory 64 Technology) and the AMD64 processors.
NX prevents programs from executing in specific areas of memory, such as the stack or the heap, which shouldnt be used. The use of NX prevents many common buffer overflow vulnerabilities. Microsoft Corp. also uses NX in XP SP2.
“Everything thats old is new again. This was an important part of the [Digital Equipment Corp.] VAX architecture back in the early 1980s. Closing openings to malicious code is a very important part of the evolution of Linux,” said Dan Kusnetzky, IDCs system software program vice president.
Update 3 also includes Ximians Evolution Connector for Microsoft Exchange. This enables Linux e-mail clients, specifically Ximian Evolution, to log into Microsoft Exchange servers as if they were Outlook clients.
In addition, Update 3 includes many smaller improvements to existing programs, more and improved device drivers and support for additional IBMs POWER5 platforms.
“The early release of several security enhancements with RHEL 3 Update 3 highlights the talent of Red Hat engineering and the pressure to integrate innovative security services,” said Stacey Quandt, open source practice leader for the Robert Frances Group.
“Fundamental changes in the security capabilities of Linux are vital since it is positioned as the No. 2 operating system based on new server shipments after Microsoft Windows.” Quandt continued. “However, advances in operating system security are only as good as the users who take advantage of them. How secure an IT infrastructure is will not only vary based on the Linux distribution and Microsoft product and service pack deployed, but also by what customers choose to implement.”
Check out eWEEK.coms Linux & Open Source Center for the latest open-source news, reviews and analysis.