The forthcoming Red Hat Enterprise Linux (RHEL) 3 suite will include a new feature to thwart worms and hackers.

The news arrives as the security of open-source systems comes under increased scrutiny. Less than two weeks ago, several serious security vulnerabilities were revealed in OpenSSH and Sendmail, two popular open-source software packages.

The RHEL 3 server operating system, due to ship within weeks, includes a feature called Position Independent Executables (PIE). This is a modification to the Linux kernel developed by Red Hat to reduce the threat from worms and other buffer-overflow based attacks.

Red Hat has adapted a number of open-source programs for use with PIE, which causes the kernel to put them into different memory locations each time they are loaded. Experts say that hackers need to know the relative locations of programs and libraries in order to exploit buffer overflows. And worms must be tuned for each set of memory locations.

"There will always be bugs in software," said Mark Cox of Red Hat's security response team. "Even programming text books have flawed code. But buffer overflows should not be exploitable by hackers."

Cox argued that the best way to prevent buffer overflows from being exploited is to increase the diversity of software and, in particular, to randomise the locations where programs load and store their various components.

"This would make it impossible to write worms," he added.