Red Hat Takes It to the 'NX' Level
September 9, 2004
Though its next official full release is still months away, enterprise Linux player Red Hat is rolling out the latest incremental update to its Red Hat Enterprise Linux (RHEL) 3 product.
The latest features are all about security. The update also marks the third incremental update to RHEL3 since it was released in November of 2003.
Red Hat's Enterprise Linux product line is on an official 18-month release schedule as part of its mandate to provide stability to enterprise users. Prior to today's announcement, Red Hat said new security features in update 3 were not originally scheduled to enter RHEL until 2005.
One of the new features in update 3, NX (no execute) support, was a source of discussion on the main Linux Kernel developers' list in June.
At the time, Red Hat revealed its intention to rapidly incorporate NX support in both its community Linux project Fedora Core and RHEL. NX security is a significant addition for Red Hat, in that it effectively closes the door on a common virus security exploit. What NX security essentially does is add a "do not execute" bit, which makes use of the NX x86 feature that already exists in Intel, Transmeta and AMD 64-bit CPUs.
The NX "bit" prevents a virus or worm from executing its malicious payload. NX security has also been referred by vendors such as AMD as "Enhanced Virus Protection" because of its ability to stop viruses in their tracks.
The other significant security enhancements to RHEL are the inclusion of Linux kernel-based Exec-shield and PIE (Position Independent Executable) features.
These two related security enhancements provide protection against stack, buffer or function pointer overflows. The enhancements also are intended to make it harder for a malicious attacker to be able to execute a "shell-code" exploit and other exploits where an attacker overwrites data structures in memory and may also place code into those same structures.
Update 3 of RHEL 3 also includes Novell Ximian's Exhange Connector for the Evolution groupware client. Exchange Connector was recently GPLed by Novell and allows Evolution (which is included with RHEL 3) to connect with Microsoft Exchange mail servers.
RHEL 3 update 3 has also added support for IBM's Power5 servers.
This article was originally published on internetnews.com.