Updated: 2022/Sep/29
PAXCTL(8)                   System Manager's Manual                  PAXCTL(8)

NAME
     paxctl - list and modify PaX flags associated with an ELF program

SYNOPSIS
     paxctl [-0 | flags] program ...

DESCRIPTION
     The paxctl utility is used to list and manipulate PaX flags associated
     with an ELF program.  The PaX flags signify to the loader the privilege
     protections to be applied to mapped memory pages, and fuller
     explanations of the specific protections can be found in the security(7)
     manpage.

     To view existing flags on a program, execute paxctl without any flags.

     If the -0 option is specified, all PaX flags (including reserved bits)
     are cleared.  Otherwise, each flag can be prefixed either with a `+' or
     a `-' sign to add or remove the flag, respectively.

     The following flags are available:

     a       Explicitly disable PaX ASLR (Address Space Layout
             Randomization).

     A       Explicitly enable PaX ASLR.

     g       Explicitly disable PaX Segvguard.

     G       Explicitly enable PaX Segvguard.

     m       Explicitly disable PaX MPROTECT (mprotect(2) restrictions).

     M       Explicitly enable PaX MPROTECT.

SEE ALSO
     mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8),
     fileassoc(9)

HISTORY
     The paxctl utility first appeared in NetBSD 4.0.

     The paxctl utility is modeled after a tool of the same name available
     for Linux from the PaX project.

AUTHORS
     Elad Efrat <elad@NetBSD.org>
     Christos Zoulas <christos@NetBSD.org>

RESTRICTIONS
     The paxctl utility uses elf(5) note sections to mark executables with
     PaX flags.  This means that, as one might expect, the PaX settings do
     not persist if the program file is replaced.  It also means that running
     paxctl changes the target executable, which can be undesirable in
     production.  In general, paxctl settings should be applied to programs
     at build time.

NetBSD 10.99                    August 20, 2023                   NetBSD 10.99
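
The RESTRICTIONS above imply an install procedure: mark a staged copy of the new build and rename it into place, so the flags are re-applied on every replacement and the executable in use is never rewritten. The following is an added example, not part of the NetBSD manual; the function names and the PAXCTL variable are hypothetical, and it assumes each flag is passed to paxctl as its own `+X` or `-X` argument.

```shell
#!/bin/sh
# Added example (not from the NetBSD manual): mark a staged copy, then rename
# it into place, so paxctl never rewrites the executable that is in use.
# Assumption: paxctl is on PATH unless PAXCTL names another path.
: "${PAXCTL:=paxctl}"

# pax_check_flags FLAG...
# Accept only the flags the manual lists, one +X or -X per argument, and
# refuse to add both the enable and the disable form of one feature.
# -0 (clear everything) is deliberately not accepted here.
pax_check_flags() {
    [ "$#" -gt 0 ] || return 1
    added=
    for f in "$@"; do
        case $f in
            [+-][aAgGmM]) ;;
            *) echo "invalid PaX flag: $f" >&2; return 1 ;;
        esac
        case $f in +?) added="$added${f#+}" ;; esac
    done
    for pair in aA gG mM; do
        lo=${pair%?} up=${pair#?}
        case $added in
            *"$lo"*"$up"*|*"$up"*"$lo"*)
                echo "conflicting flags: +$lo and +$up" >&2; return 1 ;;
        esac
    done
    return 0
}

# pax_install SRC DST FLAG...
# Copy SRC beside DST, run paxctl on the copy, then rename it over DST.
# A failure at any step removes the copy and leaves DST as it was.
pax_install() {
    [ "$#" -ge 3 ] || { echo "usage: pax_install src dst flag..." >&2; return 2; }
    src=$1; dst=$2; shift 2
    pax_check_flags "$@" || return 1
    tmp=$(mktemp "$dst.pax.XXXXXX") || return 1
    if cp -p "$src" "$tmp" && "$PAXCTL" "$@" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Because the temporary file is created next to the destination, the final `mv` is a rename within one directory: processes already running the old file keep it, and new executions get the marked build.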