- NetBSD Manual Pages
PAXCTL(8) NetBSD System Manager's Manual PAXCTL(8)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
paxctl -- list and modify PaX flags associated with an ELF program
paxctl flags program ...
The paxctl utility is used to list and manipulate PaX flags associated
with an ELF program. The PaX flags signify to the loader the privilege
protections to be applied to mapped memory pages, and fuller explanations
of the specific protections can be found in the security(7) manpage.
Each flag can be prefixed either with a ``+'' or a ``-'' sign to add or
remove the flag, respectively.
The following flags are available:
a Explicitly disable PaX ASLR (Address Space Layout Randomization)
A Explicitly enable PaX ASLR for program.
g Explicitly disable PaX Segvguard for program.
G Explicitly enable PaX Segvguard for program.
m Explicitly disable PaX MPROTECT (mprotect(2) restrictions) for
M Explicitly enable PaX MPROTECT (mprotect(2) restrictions) for
To view existing flags on a file, execute paxctl without any flags.
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8),
The paxctl utility first appeared in NetBSD 4.0.
The paxctl utility is modeled after a tool of the same name available for
Linux from the PaX project.
Elad Efrat <elad@NetBSD.org>
Christos Zoulas <christos@NetBSD.org>
The paxctl utility currently uses elf(5) ``note'' sections to mark exe-
cutables as having PaX flags enabled. This will be done using
fileassoc(9) in the future so that we can control who does the marking
and not altering the binary file signature. (Note this also means that
at present any flags set do not survive binary file upgrades.)
NetBSD 9.99 November 7, 2016 NetBSD 9.99