xref: /netbsd-src/usr.sbin/paxctl/paxctl.8 (revision 500db002748d9818288e46e10f026a2b09548086)
.\"	$NetBSD: paxctl.8,v 1.10 2008/08/11 10:58:02 christos Exp $
.\"
.\" Copyright 2006 Elad Efrat <elad@NetBSD.org>
.\" Copyright 2008 Christos Zoulas <christos@NetBSD.org>
.\" All rights reserved.
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 11, 2008
.Dt PAXCTL 8
.Os
.Sh NAME
.Nm paxctl
.Nd list and modify PaX flags associated with an ELF program
.Sh SYNOPSIS
.Nm
.Ar flags
.Ar program ...
.Sh DESCRIPTION
The
.Nm
utility is used to list and manipulate PaX flags associated with an ELF
program.
.Pp
Each flag can be prefixed either with a
.Dq +
or a
.Dq -
sign to add or remove the flag, respectively.
.Pp
The following flags are available:
.Bl -tag -width flag
.It a
Explicitly disable PaX ASLR for
.Ar program .
.It A
Explicitly enable PaX ASLR for
.Ar program .
.It g
Explicitly disable PaX Segvguard for
.Ar program .
.It G
Explicitly enable PaX Segvguard for
.Ar program .
.It m
Explicitly disable PaX MPROTECT
.Po Xr mprotect 2
restrictions
.Pc
for
.Ar program .
.It M
Explicitly enable PaX MPROTECT
.Po Xr mprotect 2
restrictions
.Pc
for
.Ar program .
.El
.Pp
To view existing flags on a file, execute
.Nm
without any flags.
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr options 4 ,
.Xr security 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
utility first appeared in
.Nx 4.0 .
.Pp
The
.Nm
utility is modeled after a tool of the same name available for Linux from the
PaX project.
.Sh AUTHORS
.An Elad Efrat Aq elad@NetBSD.org
.An Christos Zoulas Aq christos@NetBSD.org
.Sh BUGS
The
.Nm
utility currently uses
.Xr elf 5
.Dq note
sections to mark executables as PaX Segvguard enabled.
This will be done using
.Xr fileassoc 9
in the future so that we can control who does the marking and
avoid altering the binary file signature.