Red Hat Updates Security Features In Enterprise Linux
On Tuesday, the Linux software leader announced Red Hat Enterprise Linux 3 Update 3, offering Exec-Shield and Position Independent Executable (PIE) features as well as expanded support for No Execute (NX) security features for the 64-bit extended processors of Intel and Advanced Micro Devices.
Gareth O'Loughlin, product marketing manager for Red Hat Enterprise Linux, said the three security enhancements work in parallel to provide protection against stack and buffer overflows as well as exploits that attempt to overwrite data structures in memory.
Exec-Shield is a software implementation that--for the first time--mimics and makes use of the NX technology found in Intel's EM64T and AMD's AMD64 processors, he said. The update also supports Intel's x86 architecture for 32-bit processors.
The announcement comes weeks after Microsoft made available its long-awaited Windows XP Service Pack 2, a major update with new security features and enhancements.
Red Hat said it is releasing update 3 in advance of the 2005 date originally set--but not in response to any security crisis.
"This is more of a proactive thing," said O'Loughlin. "The features reduce the consequences of a security exploit. If someone achieves an exploit, which is hard to do in Linux, the damage is essentially diminished [because] where they can execute code is blocked out."
O'Loughlin described this week's security update as "incremental." The biggest security advances will occur with SELinux, slated for Enterprise Linux 4, Red Hat's first distribution based on the Linux 2.6 kernel.
"SELinux is viewed as a new paradigm in how you deploy the technology and the way you specify access and controls and roles for people," O'Loughlin said.
Novell's SUSE subsidiary--Red Hat's primary competitor in the commercial Linux OS market--announced its Linux 2.6 distribution last month.