PAXCTL(8) | System Manager's Manual | PAXCTL(8) |
paxctl — list and modify PaX flags associated with an ELF program
paxctl [-0 | flags] program ...
The paxctl utility is used to list and manipulate PaX flags associated with an ELF program. The PaX flags signify to the loader the privilege protections to be applied to mapped memory pages, and fuller explanations of the specific protections can be found in the security(7) manpage.
To view existing flags on a program, execute paxctl without any flags.
If the -0 option is specified, all PaX flags (including reserved bits) are cleared. Otherwise, each flag can be prefixed with either a ‘+’ or a ‘-’ sign to add or remove the flag, respectively.
The following flags are available:
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8), fileassoc(9)
The paxctl utility first appeared in NetBSD 4.0.
The paxctl utility is modeled after a tool of the same name available for Linux from the PaX project.
Elad Efrat <elad@NetBSD.org>
Christos Zoulas <christos@NetBSD.org>
The paxctl utility uses elf(5) note sections to mark executables with PaX flags. This means that, as one might expect, the PaX settings do not persist if the program file is replaced. It also means that running paxctl changes the target executable, which can be undesirable in production. In general, paxctl settings should be applied to programs at build time.
August 20, 2023 | NetBSD 10.99 |