release-notes/devel/en_US Security.xml,1.30,1.31
Murray McAllister (mdious)
fedora-docs-commits at redhat.com
Mon Apr 7 10:44:56 UTC 2008
Author: mdious
Update of /cvs/docs/release-notes/devel/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv366/en_US
Modified Files:
Security.xml
Log Message:
updating content as per wiki
Index: Security.xml
===================================================================
RCS file: /cvs/docs/release-notes/devel/en_US/Security.xml,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- Security.xml 17 Mar 2008 22:43:03 -0000 1.30
+++ Security.xml 7 Apr 2008 10:44:54 -0000 1.31
@@ -27,9 +27,13 @@
<ulink url="http://fedoraproject.org/wiki/Security/Features">security
features</ulink>.
</para>
+</section>
+
+ <section id="Support-for-SHA-256-and-SHA-512-passwords">
+ <title>Support for SHA-256 and SHA-512 passwords</title>
<para>
- The <package>glibc</package> package in Fedora 8 had support for
+ The <package>glibc</package> package in Fedora 8 had <ulink url="http://people.redhat.com/drepper/sha-crypt.html">support</ulink> for
passwords using SHA-256 and SHA-512 hashing. Previously, only DES
and MD5 were available. These tools have been extended in Fedora
9. Password hashing using the SHA-256 and SHA-512 hash functions
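Review bot: In the SHA-256/SHA-512 paragraph, the new ulink wraps only the word "support", so neither the rendered page nor print output tells the reader where the link leads. Consider putting the link on a descriptive phrase such as "support for passwords using SHA-256 and SHA-512 hashing". The added "</section>" line also starts at column 0 while the "<section id=...>" that follows it is indented; matching the indentation would make the new nesting easier to follow.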
@@ -97,6 +101,51 @@
</listitem>
</itemizedlist>
</section>
+
+ <section id="FORTIFY_SOURCE-extended-to-cover-more-functions">
+ <title>FORTIFY_SOURCE extended to cover more functions</title>
+ <para>
+ <ulink url="http://fedoraproject.org/wiki/Security/Features#FORTIFY_SOURCE">FORTIFY_SOURCE</ulink> protection now covers <computeroutput>asprintf</computeroutput>, <computeroutput>dprintf</computeroutput>, <computeroutput>vasprintf</computeroutput>, <computeroutput>vdprintf</computeroutput>, <computeroutput>obstack_printf</computeroutput> and <computeroutput>obstack_vprintf</computeroutput>. This is particularly useful for application that use the <package>glib2</package> library, as various functions from it use <computeroutput>vasprintf</computeroutput>.
+ </para>
+ </section>
+
+ <section id="SELinux-Enhancements">
+ <title>SELinux Enhancements</title>
+ <para>
+ Different roles are now available, to allow finer-grained access control:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <computeroutput>guest_t</computeroutput> does not allow running setuid binaries, making network connections, or using a GUI
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <computeroutput>xguest_t</computeroutput> disallows network access except for HTTP via a Web browser, and no setuid binaries
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <computeroutput>user_t</computeroutput> is ideal for office users: prevents becoming root via setuid applications
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <computeroutput>staff_t</computeroutput> is same as <computeroutput>user_t</computeroutput>, except that root access via <command>sudo</command> is allowed
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <computeroutput>unconfined_t</computeroutput> provides full access, the same as when not using SELinux
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ As well, browser plug-ins wrapped with <computeroutput>nspluginwrapper</computeroutput>, which is the default, now run confined.
+ </para>
+ </section>
+
<section id="sn-General-Information">
<title>General Information</title>
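Review bot: The SELinux list is introduced with "Different roles are now available", but every item names a _t identifier (guest_t, xguest_t, user_t, staff_t, unconfined_t), and in SELinux the _t suffix marks a type (domain) while role names end in _r. Either reword the lead-in to refer to user domains or list the role names instead. Smaller wording points in the same hunk: "for application that use" should read "for applications that use" in the FORTIFY_SOURCE paragraph, "is same as" should be "is the same as" in the staff_t item, and the xguest_t item mixes "disallows network access ..." with "and no setuid binaries", which reads more cleanly as "disallows network access except for HTTP via a Web browser, and disallows setuid binaries".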