R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from IT Week
ADVERTISEMENT

Linux fights off worms

Red Hat's Linux modified to cut scope for worm atttacks

Roger Howorth, IT Week 29 Sep 2003
ADVERTISEMENT

The forthcoming Red Hat Enterprise Linux (RHEL) 3 suite will include a new feature to thwart worms and hackers.

The news arrives as the security of open-source systems comes under increased scrutiny. Less than two weeks ago, several serious security vulnerabilities were revealed in OpenSSH and Sendmail, two popular open-source software packages.

The RHEL 3 server operating system, due to ship within weeks, includes a feature called Position Independent Executables (PIE). This is a modification to the Linux kernel developed by Red Hat to reduce the threat from worms and other buffer-overflow based attacks.

Red Hat has adapted a number of open-source programs for use with PIE, which causes the kernel to put them into different memory locations each time they are loaded. Experts say that hackers need to know the relative locations of programs and libraries in order to exploit buffer overflows. And worms must be tuned for each set of memory locations.

"There will always be bugs in software," said Mark Cox of Red Hat's security response team. "Even programming text books have flawed code. But buffer overflows should not be exploitable by hackers."

Cox argued that the best way to prevent buffer overflows from being exploited is to increase the diversity of software and, in particular, to randomise the locations where programs load and store their various components.

"This would make it impossible to write worms," he added.

See also:

Red Hat refashions Linux
The leading Linux vendor says its upcoming enterprise release has been shaped by corporate feedback  26 Sep 2003

All Operating Systems

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Web Developer, Software House, London
| Aston Carter
The role will be developing a website for the external broker clients. The team are looking for a experienced website developer to help lead the project using agile methodologies and test driven development. You should ... more >
Senior Storage Analyst, Media, West London
| Aston Carter
Senior Storage Analyst, West London REQUIRED: NetApps FAS, Data OPTAP, EMC hardware, EMC software The worlds leading and largest Broadcasters who are known worldwide for their use of cutting edge technology and fantastic talented team ... more >
Field Service Engineer - Leeds, West Yorkshire - Epos, file server and hardware
| Concept IT
Field service engineer based within close proximity to the Leeds area in West Yorkshire or be willing to relocate. The centre of the area of cover is Leeds to need to live within 10 miles ... more >
Java Agile Developer, Media, London
| Aston Carter
Java Agile Developer, Media, London AGILE Expert needed Required: Java, Agile, Excellent Academics If you are an expert in Agile or enjoy working in an Agile environment then this is the perfect role for you. ... more >
More job opportunities
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
Computing Business
CRN
Financial Director
Infomatics
Information World Review
IT Week
Management Consultancy
Network IT Week
Personal Computer World
PC Magazine
VNU Web seminars
vnunet.com
Webactive
What PC?
Useful links: About vnu network | Privacy policy | Terms & conditions
Access keys | Top of page | Feedback
VNU Business Publications
© 1995-2009 All rights reserved
VNU Business Publications Ltd., 32-34 Broadwick Street, London, W1A 2HG, is a company registered in England and Wales with company number 01513633
part of part of vnu.net europe