SYNTAX
paxctl <flags> <files>
DESCRIPTION
paxctl is a tool that allows PaX flags to be modified on a per-binary
basis. PaX is part of common security-enhancing kernel patches and
secure distributions, such as GrSecurity or Adamantix and Hardened Gen-
too, respectively. Your system needs to be running a properly patched
and configured kernel for this program to have any effect.
-P enforce paging based non-executable pages (PAGEEXEC)
-p do not enforce paging based non-executable pages (NOPAGEEXEC)
-E emulate trampolines (EMUTRAMP)
-e do not emulate trampolines (NOEMUTRAMP)
-M enforce secure memory protections (MPROTECT)
-m do not enforce secure memory protections (NOMPROTECT)
-R randomize memory regions (RANDMMAP)
-r do not randomize memory regions (NORANDMMAP)
-X randomize base address of normal (ET_EXEC) executables (RAN-
DEXEC)
-x do not randomize base address of normal (ET_EXEC) executables
(NORANDEXEC)
-S enforce segmentation based non-executable pages (SEGMEXEC)
-s do not enforce segmentation based non-executable pages (NOSEG-
MEXEC)
-v view flags
-z restore default flags (further flags still apply)
-c create the PT_PAX_FLAGS program header if it does not exist by
converting the PT_GNU_STACK program header if it exists
-C create the PT_PAX_FLAGS program header if it does not exist by
adding a new program header, if it is possible
-q suppress error messages
-Q report flags in short format
CAVEATS
The old PaX flag location and control method have been obsoleted, if
Note that paxctl does not make backup copies of the files it modifies.
AUTHOR
Written by The PaX Team <pageexec@freemail.hu>
This manpage was adapted from the chpax manpage written by Martin F.
Krafft <madduck@debian.org> for the Debian GNU/Linux Distribution, but
may be used by others.
SEE ALSO
chpax(1), gradm(8)
PaX website: http://pax.grsecurity.net
GrSecurity website: http://www.grsecurity.net
Adamantix website: http://adamantix.org
Hardened Gentoo website: http://www.gentoo.org/proj/en/hardened
|
