- NetBSD Manual Pages
PAXCTL(8) NetBSD System Manager's Manual PAXCTL(8)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
paxctl -- list and modify PaX flags associated with an ELF program
paxctl [-0 | flags] program ...
The paxctl utility is used to list and manipulate PaX flags associated
with an ELF program. The PaX flags signify to the loader the privilege
protections to be applied to mapped memory pages, and fuller explanations
of the specific protections can be found in the security(7) manpage.
To view existing flags on a program, execute paxctl without any flags.
If -0 option is specified, all PaX flags (including reserved bits) are
cleared. Otherwise, each flag can be prefixed either with a `+' or a `-'
sign to add or remove the flag, respectively.
The following flags are available:
a Explicitly disable PaX ASLR (Address Space Layout Randomization).
A Explicitly enable PaX ASLR.
g Explicitly disable PaX Segvguard.
G Explicitly enable PaX Segvguard.
m Explicitly disable PaX MPROTECT (mprotect(2) restrictions).
M Explicitly enable PaX MPROTECT.
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8),
The paxctl utility first appeared in NetBSD 4.0.
The paxctl utility is modeled after a tool of the same name available for
Linux from the PaX project.
Elad Efrat <elad@NetBSD.org>
Christos Zoulas <christos@NetBSD.org>
The paxctl utility uses elf(5) note sections to mark executables with PaX
flags. This means that, as one might expect, the PaX settings do not
persist if the program file is replaced. It also means that running
paxctl changes the target executable, which can be undesirable in produc-
tion. In general, paxctl settings should be applied to programs at build
NetBSD 10.99 August 20, 2023 NetBSD 10.99