Dear Wiki user, You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification. The following page has been changed by LubomirKundrak: http://fedoraproject.org/wiki/Docs/Beats/Security?action=diff&rev2=52&rev1=51 The comment on the change is: Add FORTIFY_SOURCE and SELinux ------------------------------------------------------------------------------ === Security Enhancements === Fedora continues to improve its many proactive [http://fedoraproject.org/wiki/Security/Features security features]. + + ==== Support for SHA-256 and SHA-512 passwords ==== The `glibc` package in Fedora 8 had [http://people.redhat.com/drepper/sha-crypt.html support] for passwords using SHA-256 and SHA-512 hashing. Previously, only DES and MD5 were available. These tools have been extended in Fedora 9. Password hashing using the SHA-256 and SHA-512 hash functions is now supported. @@ -23, +25 @@ * New options, `ENCRYPT_METHOD`, `SHA_CRYPT_MIN_ROUNDS`, and `SHA_CRYPT_MAX_ROUNDS`, are now supported in `/etc/login.defs`. Refer to the `login.defs(5)` man page for details. Corresponding options were added to `chpasswd(8)` and `newusers(8)`. + ==== FORTIFY_SOURCE extended to cover more functions ==== + + [http://fedoraproject.org/wiki/Security/Features#head-2f26f1e8c2bc1b5d397cdcae042449ce07a6f51d FORTIFY_SOURCE] protection now covers {{{asprintf}}}, {{{dprintf}}}, {{{vasprintf}}}, {{{vdprintf}}}, {{{obstack_printf}}} and {{{obstack_vprintf}}}. This is particularly useful for application that use {{{glib2}}} library, as various functions from it use {{{vasprintf}}}. 
+ + ==== SELinux enhancements ==== + + * Browser plugins wrapped with {{{nspluginwrapper}}} (which is the default) now run confined + * Different roles are now available, to allow fine-graining access control + * {{{guest_t}}} doesn't allow running setuid binaries, making network connections or using GUI + * {{{xguest_t}}} disallows network access except for HTTP via web browser, no setuid binaries + * {{{user_t}}} is ideal for office users, prevents becoming root via setuid applications + * {{{staff_t}}} is same as {{{user_t}}}, except for root access via {{{sudo}}} is allowed + * {{{unconfined_t}}} provides full access, same as without SELinux + === General Information === A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security. -- Fedora-relnotes-content mailing list Fedora-relnotes-content@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-relnotes-content
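Review bot: The SELinux list in the `@@ -23, +25 @@` hunk is introduced with "Different roles are now available", but every entry under it is a `_t` name ({{{guest_t}}}, {{{xguest_t}}}, {{{user_t}}}, {{{staff_t}}}, {{{unconfined_t}}}), which by SELinux naming convention is a type (domain) rather than a role; roles carry the `_r` suffix. Either reword the lead-in to say types, or list the corresponding role names, so a reader who searches the policy for these identifiers finds what the text says they are. In the same list, "fine-graining access control" should read "fine-grained access control", and "except for root access via {{{sudo}}} is allowed" reads better as "except that root access via {{{sudo}}} is allowed". In the FORTIFY_SOURCE paragraph of the same hunk, "application that use {{{glib2}}} library" should be "applications that use the {{{glib2}}} library", and the added text marks code with {{{...}}} while the unchanged context lines use backticks (`glibc`, `ENCRYPT_METHOD`); one convention should be used for the whole section.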