Dear Wiki user, You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification. The following page has been changed by BobJensen: http://fedoraproject.org/wiki/Docs/Beats/Security The comment on the change is: Marking FC5 Content ------------------------------------------------------------------------------ + {{{ + Fedora Core 5 Release Notes Content is marked like this. + }}} = Security = This section highlights various security items from Fedora Core. @@ -9, +12 @@ A general introduction to the many proactive security features in Fedora, current status and policies is available at http://fedoraproject.org/wiki/Security. == What's New == - + {{{ === PAM module Deprecation === `Pam_stack` is deprecated in this release. Linux-PAM 0.78 and later contains the {{{include}}} directive which obsoletes the `pam_stack` module. `pam_stack` module usage is logged with a deprecation warning. It might be removed in a future release. It must not be used in individual service configurations anymore. All packages in Fedora Core using PAM were modified so they do not use it. @@ -17, +20 @@ || (!) '''Upgrading and PAM Stacks''' || || When a system is upgraded from previous Fedora Core releases and the system admininstrator previously modified some service configurations, those modified configuration files are ''not'' replaced when new packages are installed. Instead, the new configuration files are created as `.rpmnew` files. Such service configurations must be fixed so the `pam_stack` module is not used. Refer to the `.rpmnew` files for the actual changes needed. || - {{{ - diff -u /etc/pam.d/foo /etc/pam.d/foo.rpmnew + {{{ diff -u /etc/pam.d/foo /etc/pam.d/foo.rpmnew - }}} + ##}}} The following example shows the `/etc/pam.d/login` configuration file in its original form using `pam_stack`, and then revised with the {{{include}}} directive. 
- {{{ - #%PAM-1.0 + {{{ #%PAM-1.0 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so @@ -37, +38 @@ session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so open - }}} + ##}}} - {{{ - #%PAM-1.0 + {{{ #%PAM-1.0 auth required pam_securetty.so auth include system-auth # no module should remain after 'include' if 'sufficient' might @@ -58, +58 @@ session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so open - }}} + ##}}} === Buffer Overflow detection and variable reordering === @@ -67, +67 @@ This is a security feature written by Red Hat developers (http://gcc.gnu.org/ml/gcc-patches/2005-05/msg01193.html), reimplementing the IBM Pro``Police/SSP feature. For more information about Pro``Police/SSP, refer to http://www.research.ibm.com/trl/projects/security/ssp/. This feature is available as part of the GCC 4.1 compiler used in Fedora Core [[GetVal(DocsDict,BeatsVar)]]. The `FORTIFY_SOURCE` security feature for `gcc` and `glibc` introduced in Fedora Core 4 remains available. For more information about security features in Fedora, refer to http://fedoraproject.org/wiki/Security/Features. - + }}} [[Include(/SELinux)]] ---- CategorySecurity
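Review bot: In the `@@ -9, +12 @@` hunk, the `{{{` added right after `== What's New ==` opens a block whose first paragraph still contains the inline `{{{include}}}`. The `}}}` in that unchanged line is the first closer the new block meets, so the FC5 marking would likely end there, mid-sentence, rather than at the `+ }}}` before `[[Include(/SELinux)]]`. The same inline `{{{include}}}` appears again in the sentence that introduces the `/etc/pam.d/login` example. Consider converting both inline spans to backticks, as the page already does for `pam_stack`, in the same change, and check the rendered preview.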
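Review bot: In the `@@ -17, +20 @@`, `@@ -37, +38 @@` and `@@ -58, +58 @@` hunks, each inner closer changes from `}}}` to `##}}}`, which still contains the literal `}}}` sequence, while the inner openers `{{{ diff -u /etc/pam.d/foo /etc/pam.d/foo.rpmnew` and `{{{ #%PAM-1.0` stay as live openers. The three example blocks are no longer visibly balanced, and the `##` prefix is not explained anywhere on the page. If the intent is to keep the examples from closing the outer FC5 block, state that in the legend added at the top. Also note there that each `##}}}` must be turned back into `}}}`, and the first content line moved back off the `{{{` line, when the marking is removed.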
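Review bot: In the `@@ -67, +67 @@` hunk, the closing `+ }}}` places everything from `=== PAM module Deprecation ===` through the `FORTIFY_SOURCE` paragraph inside one preformatted block. The two `===` headings, the `||` table carrying the "Upgrading and PAM Stacks" warning and the `[[GetVal(DocsDict,BeatsVar)]]` macro would then display as raw markup instead of being rendered, so the GCC 4.1 sentence loses its release number. Consider marking the FC5 content per section with a short note under each heading rather than wrapping whole sections, so the headings, the warning table and the macro keep working.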