September 28, 2016
 
 
RSSRSS feed

Linux Top 3: RHEL 6.7, Chromixium 1.0 and OpenBSD 5.7

  • May 7, 2015
  • By Sean Michael Kerner

1) Chromixium 1.0

You've heard of Chrome OS (the base operating system for Chromebooks) and we all know Ubuntu - what do you get when you attempt to combine the two? That's the goal of the Chromixium distro, which uses an Ubuntu based and then layer on a ChromeOS-like interface for look and feel .Chromixium is based on Ubuntu Linux 14.04 and is powered by a Linux  3.13.0-51.84 kernel.


Chromixium combines the elegant simplicity of the Chromebook with the flexibility and stability of Ubuntu’s Long Term Support release. Chromixium puts the web front and center of the user experience. Web and Chrome apps work straight out of the browser to connect you to all your personal, work and education networks.


2) OpenBSD 5.7

OpenBSD 5.7 was released on April 30 and is the 38th release from the *nix/BSD distro.


This is our 37th release on CD-ROM (and 38th via FTP/HTTP).  We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. As in our previous releases, 5.7 provides significant improvements, including new features, in nearly all areas of the system


Perhaps the most noteworthy enhancements are in security with:

Security improvements:

  •     Stricter enforcement of W^X in the kernel address space, especially on architectures with the right featureset (amd64, in particular, has seen substantial improvements).
  •     Support for loadable kernel modules has been removed.
  •     procfs has been removed.
  •     Comprehensive audit of the tree to use the reallocarray(3) idiom throughout.
  •     Many conversions from select(2) to poll(2).
  •     /var/tmp is now a symbolic link to /tmp, as a first step towards reducing the "fill it up" attack surface against the /var partition.
  •     memcpy(3) with overlapping arguments now aborts a program (with a syslog report), allowing these problems to be found. Overlapping copies should use memmove(3). Sometime after 5.7 release, having learned more about the situation and repairing instances that are discovered by users during release use, we will go back to the optimized version.
  •     Change rand(3), random(3), drand48(3), lrand48(3), mrand48(3), srand48(3) to return non-deterministic strong random values by default, sourced from arc4random(3). New functions srand_deterministic(3), srandom_deterministic(3), seed48_deterministic(3) and lcong48_deterministic(3) are added for cases where determinism needs to be requested.
  •     At resume (or unhibernate) time, use a variety of methods to reseed the random number generator. This also works on VMs which wake up (if a wakeup event is seen).
  •     All architectures have been transitioned to static PIE, meaning the statically linked binaries in /bin and /sbin now have randomly located text segments.
  •     Allow larger .openbsd.randomdata ELF segments.
  •     Sync kernel AES code and ssh(1) AES code to the one shipped with OpenSSL/LibreSSL.
  •     Removed passwd(1) support for all password ciphers except blowfish(3).
  •     Use sha512 instead of md5 for tcp(4) initial sequence number.
  •     Use sha512 instead of md5 in the random number generator.
  •     Delete secret or secret-derived data in many base utilities with explicit_bzero(3).



3) Red Hat Enterprise Linux 6.7 Beta

Red Hat released a beta of RHEL 6.7 this week, including some features that are already in RHEL 7.1 and some new bits as well.


The enhanced functionality provided by Red Hat Enterprise Linux 6.7 beta enables organizations to tailor their infrastructure for the business needs of today while remaining flexible enough to prepare for the IT challenges of tomorrow, starting with helping enterprises to preserve investments in existing infrastructure. These include:
 * Increased interoperability with Active Directory and Identity Management servers through the addition of new capabilities to the Identity Management client code (SSSD).
 * Clufter, included as a Technology Preview, a tool/library for analyzing and transforming cluster configuration formats enables system administrators to update existing high-availability configurations to run on the latest high-availability tools from Red Hat Enterprise Linux.

 

Sean Michael Kerner is a senior editor at Linux Planet and InternetNews.com. Follow him on Twitter @TechJournalist

Sitemap | Contact Us