linux下的保护机制,FORTIFY_SOURCE和Linux安全保护机制

今天在编译一个软件的时候发现“FORTIFY_SOURCE”字样，搜了一把，找到了Fedora core对其安全机制进行介绍的页面。顺手转过来。

Fedora is the thought and action leader in many of the latest Linux security initiatives. The following security features were developed by Fedora engineers. In line with the Fedora policy, these security features have been pushed upstream and they are available to all Linux distributions who choose to take advantage of them.

For a table of which features are in particular Fedora versions, refer to http://www.awe.com/mark/blog/200801070918.html

Firewall by default

Fedora provides a default firewall that can limit both incoming and outgoing connections and Fedora 8 and above includes a very user friendly system-config-firewall utility.

Easy and Painless Administration: PolicyKit

Following all the other security enhancements comes PolicyKit .  !PolicyKit is a new toolkit from Fedora developers for controlling privileges of system-wide services. Instead of elevating privileges wholesale to the entire program when needed, !PolicyKit enables very fine grained isolation of higher privileges to small services or non-graphical utilities. This functionality is accessed by programs through a D-Bus interface in coordination with HAL, allowing administrators to control how users perform certain tasks, and which tasks they are allowed to perform. Support for !PolicyKit will be added to administrative tasks and tools throughout the distribution in an incremental fashion.

SELi