mark :: blog

04 Jan 2007: Security Features in Red Hat Enterprise Linux and Fedora Core

Late last year a reporter contacted me who was interested in the various security features and innovations in Red Hat Enterprise Linux and Fedora. She particularly wanted to know the dates when each first made it into a shipping product. In the end the article was published in a German magazine and was not publically available. It's a shame to waste the work as I don't think this has ever all been collected together into one place before, so here is the table. It's possible I've missed one or two of the features, and I've not broken down the big things like SELinux where we could talk about the number of default policies in each release or the number of binaries compiled PIE, but drop me a mail if you see any issues.

	Fedora Core						Red Hat Enterprise Linux
	1	2	3	4	5	6	3	4
	2003Nov	2004May	2004Nov	2005Jun	2006Mar	2006Oct	2003Oct	2005Feb
Default requires signed updates	Y	Y	Y	Y	Y	Y	Y	Y
NX emulation using segment limits by default	Y	Y	Y	Y	Y	Y	since 2004Sep	Y
Support for Position Independent Executables (PIE)	Y	Y	Y	Y	Y	Y	since 2004Sep	Y
ASLR for Stack/mmap by default	Y	Y	Y	Y	Y	Y	since 2004Sep	Y
ASLR for vDSO (if vDSO enabled)	no vDSO	Y	Y	Y	Y	Y	no vDSO	Y
Restricted access to kernel memory by default		Y	Y	Y	Y	Y		Y
NX by default for supported processors/kernels		since 2004Jun	Y	Y	Y	Y	since 2004Sep	Y
Support for SELinux		Y	Y	Y	Y	Y		Y
SELinux default enabled with targetted policies			Y	Y	Y	Y		Y
glibc heap/memory checks by default			Y	Y	Y	Y		Y
Support for FORTIFY_SOURCE, used on selected packages			Y	Y	Y	Y		Y
All packages compiled using FORTIFY_SOURCE				Y	Y	Y
Support for ELF Data Hardening				Y	Y	Y		Y
All packages compiled with stack smashing protection					Y	Y
Pointer encryption						Y
CVE compatible							Y	Y
OVAL compatible							since 2006May	since 2006May

New: Updated version from 7th January 2008

Created: 04 Jan 2007
Tagged as: fedora , red hat, security