Tuesday, November 10, 2009

Ubuntu 9.10 Is Out!


Ubuntu 9.10 (nicknamed Karmic Koala) is out, and it has a number of security improvements over the previous version that I would like to highlight:
  • AppArmor - AppArmor was introduced earlier than Karmic Koala. In this release it features an improved parser that uses cache files, greatly speeding up initialisation on boot and making it less likely to be switched off by users, plus a bunch of additional profiles.
  • Uncomplicated Firewall - Another "not new" feature which now supports filtering by interface and egress filtering.
  • Non-eXecutable Emulation - Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), can help block many exploits an attacker might run from stack or heap memory. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature. For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation.
  • Blocking Module Loading - To block the loading of any further modules after boot, the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists, adding another layer of protection against attackers loading kernel rootkits.
  • Position-Independent Executables - All programs built as Position Independent Executables (PIE) with "-fPIE -pie" (gcc -pie -fPIE) can take advantage of the exec Address Space Layout Randomisation (ASLR). This protects against "return-to-text" attacks and generally frustrates memory corruption attacks.
A full list of Ubuntu security features can be found at https://wiki.ubuntu.com/Security/Features.
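
A way to check the NX, module-loading and PIE items above on a running system, as an added example that is not part of the original post. The function names and the default binary /bin/ls are assumptions chosen for illustration; /proc/sys/kernel/randomize_va_space is the kernel's ASLR setting.

```shell
#!/bin/sh
# Added example: check the hardening features from the list above on a host.
# File paths are parameters so saved copies can be checked too.

# NX needs the CPU "nx" flag; a 32-bit kernel also needs "pae" to use it.
cpu_has_flag() {   # usage: cpu_has_flag FLAG [CPUINFO_FILE]
    grep '^flags' "${2:-/proc/cpuinfo}" 2>/dev/null | head -n 1 |
        tr ' \t' '\n\n' | grep -qxF "$1"
}

# One-way sysctl: once it reads 1, module loading stays blocked until reboot.
modules_locked() { # usage: modules_locked [SYSCTL_FILE]
    [ "$(cat "${1:-/proc/sys/kernel/modules_disabled}" 2>/dev/null)" = 1 ]
}

# Read e_type from the ELF header: ET_EXEC (2) is a fixed-address program,
# ET_DYN (3) is a PIE executable or a shared object.
elf_type() {       # usage: elf_type FILE
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = 7f454c46 ] || { echo NOT_ELF; return 1; }
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')  # 1 = little, 2 = big endian
    set -- $(od -An -tu1 -j16 -N2 "$f")             # the two e_type bytes
    if [ "$data" = 2 ]; then t=$(( ${1:-0} * 256 + ${2:-0} ))
    else t=$(( ${2:-0} * 256 + ${1:-0} )); fi
    case $t in 2) echo EXEC ;; 3) echo DYN ;; *) echo OTHER ;; esac
}

report() {         # usage: report [BINARY]
    for flag in nx pae; do
        if cpu_has_flag "$flag"; then echo "CPU flag $flag: present"
        else echo "CPU flag $flag: absent"; fi
    done
    if modules_locked; then echo "module loading: blocked"
    else echo "module loading: still allowed"; fi
    aslr=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
    echo "randomize_va_space: ${aslr:-unknown}"
    echo "${1:-/bin/ls}: $(elf_type "${1:-/bin/ls}")"
}

# Run as: sh hardening-check.sh --report /usr/sbin/sshd
if [ "${1:-}" = --report ]; then report "${2:-/bin/ls}"; fi
```

A DYN result for a program means it was built as a PIE; EXEC means it loads at a fixed address and gets no randomisation of its own text.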
