.\" $NetBSD: paxctl.8,v 1.9 2008/02/11 18:05:58 elad Exp $
.\"
.\" Copyright 2006 Elad Efrat <elad@NetBSD.org>
.\" All rights reserved.
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd February 11, 2008
.Dt PAXCTL 8
.Os
.Sh NAME
.Nm paxctl
.Nd list and modify PaX flags associated with an ELF program
.Sh SYNOPSIS
.Nm
.Ar flags
.Ar program ...
.Sh DESCRIPTION
The
.Nm
utility is used to list and manipulate PaX flags associated with an ELF
program.
.Pp
Each flag can be prefixed either with a
.Dq +
or a
.Dq -
sign to add or remove the flag, respectively.
.Pp
The following flags are available:
.Bl -tag -width flag
.It a
Explicitly disable PaX ASLR for
.Ar program .
.It A
Explicitly enable PaX ASLR for
.Ar program .
.It g
Explicitly disable PaX Segvguard for
.Ar program .
.It G
Explicitly enable PaX Segvguard for
.Ar program .
.It m
Explicitly disable PaX MPROTECT
.Po Xr mprotect 2
restrictions
.Pc
for
.Ar program .
.It M
Explicitly enable PaX MPROTECT
.Po Xr mprotect 2
restrictions
.Pc
for
.Ar program .
.El
.Pp
To view existing flags on a file, execute
.Nm
without any flags.
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr options 4 ,
.Xr security 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
utility first appeared in
.Nx 4.0 .
.Pp
The
.Nm
utility is modeled after a tool of the same name available for Linux from the
PaX project.
.Sh AUTHORS
.An Elad Efrat Aq elad@NetBSD.org
.An Christos Zoulas Aq christos@NetBSD.org
.Sh BUGS
The
.Nm
utility currently uses
.Xr elf 5
.Dq note
sections to mark executables as PaX Segvguard enabled.
This will be done using
.Xr fileassoc 9
in the future so that we can control who does the marking.
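
The flag semantics in DESCRIPTION can be checked before a change is applied. The shell function below is an added example, not part of the NetBSD sources: it reviews a proposed paxctl flag list and reports arguments that add an explicit disable (+a, +g, +m), remove an explicit enable (-A, -G, -M), or set both cases of one letter. The function names, the exit codes and the one-sign-one-letter argument form are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the NetBSD source tree.
# Flag semantics are taken from the manual text:
#   a/A = explicitly disable/enable ASLR, g/G = Segvguard, m/M = MPROTECT;
#   "+" adds the flag to the program, "-" removes it.
# Assumption: each argument is one sign followed by one flag letter.

pax_feature() {
    case $1 in
        a|A) echo ASLR ;;
        g|G) echo Segvguard ;;
        m|M) echo MPROTECT ;;
    esac
}

# pax_review FLAG...
# Prints one finding per line. Exit status: 0 = nothing weakened,
# 1 = hardening weakened or contradictory, 2 = malformed flag argument.
pax_review() {
    pr_rc=0
    pr_added=
    for pr_arg in "$@"; do
        case $pr_arg in
            [+-][aAgGmM]) ;;
            *) echo "malformed: $pr_arg"; return 2 ;;
        esac
        pr_flag=${pr_arg#?}
        pr_feat=$(pax_feature "$pr_flag")
        case $pr_arg in
            +[agm]) echo "weakens: $pr_arg adds explicit disable of $pr_feat"; pr_rc=1 ;;
            -[AGM]) echo "weakens: $pr_arg removes explicit enable of $pr_feat"; pr_rc=1 ;;
        esac
        case $pr_arg in
            +?) # adding both cases of one letter in a single change is contradictory
                pr_opp=$(printf %s "$pr_flag" | tr 'aAgGmM' 'AaGgMm')
                case $pr_added in
                    *"$pr_opp"*) echo "conflict: +$pr_opp and $pr_arg both set for $pr_feat"; pr_rc=1 ;;
                esac
                pr_added=$pr_added$pr_flag ;;
        esac
    done
    return $pr_rc
}

# Constructed sample change: hardens ASLR and MPROTECT, but disables Segvguard.
pax_review +A +M +g -G || :
```
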