paxctl(8) - NetBSD Manual Pages

Command: Section: Arch: Collection:  
PAXCTL(8)               NetBSD System Manager's Manual               PAXCTL(8)

paxctl -- list and modify PaX flags associated with an ELF program
paxctl [-0 | flags] program ...
The paxctl utility is used to list and manipulate PaX flags associated with an ELF program. The PaX flags signify to the loader the privilege protections to be applied to mapped memory pages, and fuller explanations of the specific protections can be found in the security(7) manpage. To view existing flags on a program, execute paxctl without any flags. If -0 option is specified, all PaX flags (including reserved bits) are cleared. Otherwise, each flag can be prefixed either with a `+' or a `-' sign to add or remove the flag, respectively. The following flags are available: a Explicitly disable PaX ASLR (Address Space Layout Randomization). A Explicitly enable PaX ASLR. g Explicitly disable PaX Segvguard. G Explicitly enable PaX Segvguard. m Explicitly disable PaX MPROTECT (mprotect(2) restrictions). M Explicitly enable PaX MPROTECT.
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8), fileassoc(9)
The paxctl utility first appeared in NetBSD 4.0. The paxctl utility is modeled after a tool of the same name available for Linux from the PaX project.
Elad Efrat <> Christos Zoulas <>
The paxctl utility uses elf(5) note sections to mark executables with PaX flags. This means that, as one might expect, the PaX settings do not persist if the program file is replaced. It also means that running paxctl changes the target executable, which can be undesirable in produc- tion. In general, paxctl settings should be applied to programs at build time. NetBSD 10.99 August 20, 2023 NetBSD 10.99
Powered by man-cgi (2021-06-01). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.