R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from IT Week
ADVERTISEMENT

Linux fights off worms

Red Hat's Linux modified to cut scope for worm atttacks

Roger Howorth, IT Week 29 Sep 2003
ADVERTISEMENT

The forthcoming Red Hat Enterprise Linux (RHEL) 3 suite will include a new feature to thwart worms and hackers.

The news arrives as the security of open-source systems comes under increased scrutiny. Less than two weeks ago, several serious security vulnerabilities were revealed in OpenSSH and Sendmail, two popular open-source software packages.

The RHEL 3 server operating system, due to ship within weeks, includes a feature called Position Independent Executables (PIE). This is a modification to the Linux kernel developed by Red Hat to reduce the threat from worms and other buffer-overflow based attacks.

Red Hat has adapted a number of open-source programs for use with PIE, which causes the kernel to put them into different memory locations each time they are loaded. Experts say that hackers need to know the relative locations of programs and libraries in order to exploit buffer overflows. And worms must be tuned for each set of memory locations.

"There will always be bugs in software," said Mark Cox of Red Hat's security response team. "Even programming text books have flawed code. But buffer overflows should not be exploitable by hackers."

Cox argued that the best way to prevent buffer overflows from being exploited is to increase the diversity of software and, in particular, to randomise the locations where programs load and store their various components.

"This would make it impossible to write worms," he added.

See also:

Red Hat refashions Linux
The leading Linux vendor says its upcoming enterprise release has been shaped by corporate feedback  26 Sep 2003

All Operating Systems

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Software Test Engineer
| JAM Recruitment
Software Test Engineer 6 Weeks Contract £ 35 per hour Wiltshire We have an urgent need for a Software Test Engineer. Main Duties: ·Sound understanding of full software lifecycle ·Solid experience in requirements analysis ·Requirements ... more >
Software Test Engineer
| JAM Recruitment
Software Test Engineer 3 Months Contract £35 per hour Wiltshire We have an urgent need for a Software Test Engineer. Main Duties: ·Sound understanding of full software lifecycle ·Solid experience in requirements analysis ·Requirements based ... more >
Business Analyst
| Aston Carter
Major Investment Bank requires a Business Analyst to work within reference data IT. The reference data IT function is responsible for the three internal systems. One of the systems is a strategic repository for Client ... more >
Occupational Health Opportunities
| JAM Recruitment
Job Ref: CY - 27021979 Package: £25 – 42,000 +Bens Location: YORKSHIRE Job type: Occupational Health Position type: Permanent Hours: Full time Contact name: Mr Colin Youle Contact Company: JAM HUMAN RESOURCES Are you a ... more >
More job opportunities
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
Computing Business
CRN
Financial Director
Infomatics
Information World Review
IT Week
Management Consultancy
Network IT Week
Personal Computer World
PC Magazine
VNU Web seminars
vnunet.com
Webactive
What PC?
Useful links: About vnu network | Privacy policy | Terms & conditions
Access keys | Top of page | Feedback
VNU Business Publications
© 1995-2008 All rights reserved
VNU Business Publications Ltd., 32-34 Broadwick Street, London, W1A 2HG, is a company registered in England and Wales with company number 01513633
part of part of vnu.net europe