paxctl(8) - NetBSD Manual Pages

Command: Section: Arch: Collection:  
PAXCTL(8)               NetBSD System Manager's Manual               PAXCTL(8)


NAME
paxctl -- list and modify PaX flags associated with an ELF program
SYNOPSIS
paxctl [-0 | flags] program ...
DESCRIPTION
The paxctl utility is used to list and manipulate PaX flags associated with an ELF program. The PaX flags signify to the loader the privilege protections to be applied to mapped memory pages, and fuller explanations of the specific protections can be found in the security(7) manpage. To view existing flags on a program, execute paxctl without any flags. If -0 option is specified, all PaX flags (including reserved bits) are cleared. Otherwise, each flag can be prefixed either with a `+' or a `-' sign to add or remove the flag, respectively. The following flags are available: a Explicitly disable PaX ASLR (Address Space Layout Randomization). A Explicitly enable PaX ASLR. g Explicitly disable PaX Segvguard. G Explicitly enable PaX Segvguard. m Explicitly disable PaX MPROTECT (mprotect(2) restrictions). M Explicitly enable PaX MPROTECT.
SEE ALSO
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8), fileassoc(9)
HISTORY
The paxctl utility first appeared in NetBSD 4.0. The paxctl utility is modeled after a tool of the same name available for Linux from the PaX project.
AUTHORS
Elad Efrat <elad@NetBSD.org> Christos Zoulas <christos@NetBSD.org>
RESTRICTIONS
The paxctl utility uses elf(5) note sections to mark executables with PaX flags. This means that, as one might expect, the PaX settings do not persist if the program file is replaced. It also means that running paxctl changes the target executable, which can be undesirable in produc- tion. In general, paxctl settings should be applied to programs at build time. NetBSD 10.99 August 20, 2023 NetBSD 10.99
Powered by man-cgi (2024-03-20). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.