PAXCTL(8) | System Manager's Manual | PAXCTL(8) |
paxctl
—
paxctl |
flags program ... |
paxctl
utility is used to list and manipulate PaX
flags associated with an ELF program. The PaX flags signify to the loader the
privilege protections to be applied to mapped memory pages, and fuller
explanations of the specific protections can be found in the
security(7) manpage.
Each flag can be prefixed either with a “+” or a “-” sign to add or remove the flag, respectively.
The following flags are available:
To view existing flags on a file, execute
paxctl
without any flags.
paxctl
utility first appeared in
NetBSD 4.0.
The paxctl
utility is modeled after a tool
of the same name available for Linux from the PaX project.
paxctl
utility currently uses
elf(5) “note”
sections to mark executables as having PaX flags enabled. This will be done
using fileassoc(9) in the
future so that we can control who does the marking and not altering the binary
file signature. (Note this also means that at present any flags set do not
survive binary file upgrades.)
November 7, 2016 | NetBSD 9.4 |