NAME
paxctl
- list and modify PaX flags associated with an ELF program
SYNOPSIS
paxctl
flags
program ...
DESCRIPTION
The
paxctl
utility is used to list and manipulate PaX flags associated with an ELF
program.
Each flag can be prefixed either with a
``+''
or a
``-''
sign to add or remove the flag, respectively.
The following flags are available:
- a
-
Explicitly disable PaX ASLR for
program.
- A
-
Explicitly enable PaX ASLR for
program.
- g
-
Explicitly disable PaX Segvguard for
program.
- G
-
Explicitly enable PaX Segvguard for
program.
- m
-
Explicitly disable PaX MPROTECT
(mprotect(2) restrictions)
for
program.
- M
-
Explicitly enable PaX MPROTECT
restrictions
(mprotect(2))
for
program.
To view existing flags on a file, execute
paxctl
without any flags.
SEE ALSO
sysctl(3),
options(4),
security(8),
sysctl(8)
HISTORY
The
paxctl
utility first appeared in
NetBSD4.0.
The
paxctl
utility is modeled after a tool of the same name available for Linux from the
PaX project.
AUTHORS
Elad Efrat <elad@NetBSD.org>
Christos Zoulas <christos@NetBSD.org>
BUGS
The
paxctl
utility currently uses
elf(5)
``note''
sections to mark executables as PaX Segvguard enabled.
This will be done using
fileassoc(9)
in the future so that we can control who does the marking and
not altering the binary file signature.