Red Hat Previews Linux 3 Update 3

by Timothy Prickett Morgan

Commercial Linux distributor Red Hat is talking up its forthcoming tweak of its Enterprise Linux 3, Update 3. In Red Hat nomenclature, an update is akin to a dot release for a Unix operating system and what Microsoft calls a Service Pack in its Windows environment. Update 3 for Enterprise Linux 3 will have the usual round of bug and security patches, but it will also include support for new security features and IBM's Power5-based "Squadron" servers.

According to Deb Woods, vice president of product management at Red Hat, Update 3 has been in beta for some time and will begin to ship at the end of August, not at the end of September as previously reported. Even IBM has been telling customers of its new eServer i5 (iSeries) and p5 (pSeries) Power5-based servers that the Red Hat Update 3 that is required to support these machines is not due until September 30. With Novell expected to start shipping its SuSE Linux Enterprise Server 9 on these IBM machines (as well as others) on August 31, it looks like Red Hat has moved up its launch date to meet Novell. The SuSE 9 server software is based on the Linux 2.6 kernel, while Red Hat's Linux 3 is based on a version of the 2.4 kernel that was tweaked last year to have many of the then-future features of Linux 2.6. SuSE 9 will also be supported on the new IBM Power5 gear. Both Red Hat and Novell currently support Xeon, Opteron, and Itanium platforms, and Power5 and its simultaneous multithreading and hypervisor microcode layer are so different from Power4 (which had neither) that Power5 necessitated both Red Hat and SuSE to provide a new release.

Update 3 will include three new security features, one of which has already been released in beta form in the Fedora Core 2 experimental desktop platform that Red Hat uses as a testbed for new Linux technologies. In early June, one of the coders at Red Hat released a patch for Fedora that makes use of the No Execute, or NX, security feature that Intel, Advanced Micro Devices, Transmeta, and VIA Technologies are adding to their X86 desktop and server processors. NX was first developed in AMD's Opteron processors, and Red Hat's code is heavily based on work done for X86 support by Intel. The NX feature uses a special extra bit in the memory page tables of X86 processors to designate an area of memory as executable or not for a specific program. If implemented properly, NX should stop rogue viruses and worms from exploiting stack overflows and buffer overflows that allow them to put rogue programs into unmapped areas of memory and then execute them. The Power processors do not support NX.

Linux 3 Update 3 will also support a new feature called ExecShield, which designates area of memory in a workstation or server as being accessible to only the Linux kernel and its software stack. Rogue programs cannot execute in these protected areas. NX restricts where applications can go in memory, while ExecShield partitions off memory spaces where only Linux code itself can run. They are not the same thing, and together, the security of a server can be significantly enhanced. To make things even harder for hackers, Update 3 will also support a new memory feature called Position Independent Executable (PIE), which forces applications to seek out random locations in main memory rather than seek out specific locations, which many programs currently do. When coders create programs that seek out specific memory areas, they make it easier for hackers to piggyback on them to get into memory and execute bad stuff.

Update 3 will also include the Evolution Connector for Microsoft Exchange, which was developed by the Ximian unit of Novell. Red Hat was an early supporter of the Evolution client (I used it on Red Hat 7.1), so supporting the Evolution Connector, which allows Linux clients to log into Exchange e-mail servers as if they were Microsoft's Outlook, is really no surprise. Novell put the Evolution Connector software out into the open source realm a few months ago, which has given Red Hat enough time to weave it into Update 3.

Like other updates, Update 3 will be available for free to all customers who are currently on maintenance support through the Red Hat Network. And as is the practice in the open source Linux community, Update 3 will also be available as source code for those who do not want to pay Red Hat for service and installation support.