Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
PAXCTL(8) System Manager's Manual PAXCTL(8)
NAME
paxctl - list and modify PaX flags associated with an ELF program
SYNOPSIS
paxctl [-0 | flags] program ...
DESCRIPTION
The paxctl utility is used to list and manipulate PaX flags associated
with an ELF program. The PaX flags signify to the loader the privilege
protections to be applied to mapped memory pages, and fuller explanations
of the specific protections can be found in the security(7) manpage.
To view existing flags on a program, execute paxctl without any flags.
If -0 option is specified, all PaX flags (including reserved bits) are
cleared. Otherwise, each flag can be prefixed either with a `+' or a `-'
sign to add or remove the flag, respectively.
The following flags are available:
a Explicitly disable PaX ASLR (Address Space Layout Randomization).
A Explicitly enable PaX ASLR.
g Explicitly disable PaX Segvguard.
G Explicitly enable PaX Segvguard.
m Explicitly disable PaX MPROTECT (mprotect(2) restrictions).
M Explicitly enable PaX MPROTECT.
SEE ALSO
mprotect(2), sysctl(3), options(4), elf(5), security(7), sysctl(8),
fileassoc(9)
HISTORY
The paxctl utility first appeared in NetBSD 4.0.
The paxctl utility is modeled after a tool of the same name available for
Linux from the PaX project.
AUTHORS
Elad Efrat <elad@NetBSD.org>
Christos Zoulas <christos@NetBSD.org>
RESTRICTIONS
The paxctl utility uses elf(5) note sections to mark executables with PaX
flags. This means that, as one might expect, the PaX settings do not
persist if the program file is replaced. It also means that running
paxctl changes the target executable, which can be undesirable in
production. In general, paxctl settings should be applied to programs at
build time.
NetBSD 10.99 August 20, 2023 NetBSD 10.99