Thu Apr 28 11:57:08 2011 UTC ()
security(7), not (8).


(wiz)
diff -r1.11 -r1.12 src/usr.sbin/paxctl/paxctl.8
cvs diff -r1.11 -r1.12 src/usr.sbin/paxctl/paxctl.8 (switch to unified diff)

--- src/usr.sbin/paxctl/paxctl.8 2009/09/17 08:07:17 1.11
+++ src/usr.sbin/paxctl/paxctl.8 2011/04/28 11:57:08 1.12
@@ -1,117 +1,117 @@ @@ -1,117 +1,117 @@
1.\" $NetBSD: paxctl.8,v 1.11 2009/09/17 08:07:17 plunky Exp $ 1.\" $NetBSD: paxctl.8,v 1.12 2011/04/28 11:57:08 wiz Exp $
2.\" 2.\"
3.\" Copyright 2006 Elad Efrat <elad@NetBSD.org> 3.\" Copyright 2006 Elad Efrat <elad@NetBSD.org>
4.\" Copyright 2008 Christos Zoulas <christos@NetBSD.org> 4.\" Copyright 2008 Christos Zoulas <christos@NetBSD.org>
5.\" All rights reserved. 5.\" All rights reserved.
6.\" 6.\"
7.\" 1. Redistributions of source code must retain the above copyright 7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer. 8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright 9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the 10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution. 11.\" documentation and/or other materials provided with the distribution.
12.\" 3. The name of the author may not be used to endorse or promote products 12.\" 3. The name of the author may not be used to endorse or promote products
13.\" derived from this software without specific prior written permission. 13.\" derived from this software without specific prior written permission.
14.\" 14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25.\" 25.\"
26.Dd September 17, 2009 26.Dd September 17, 2009
27.Dt PAXCTL 8 27.Dt PAXCTL 8
28.Os 28.Os
29.Sh NAME 29.Sh NAME
30.Nm paxctl 30.Nm paxctl
31.Nd list and modify PaX flags associated with an ELF program 31.Nd list and modify PaX flags associated with an ELF program
32.Sh SYNOPSIS 32.Sh SYNOPSIS
33.Nm 33.Nm
34.Ar flags 34.Ar flags
35.Ar program ... 35.Ar program ...
36.Sh DESCRIPTION 36.Sh DESCRIPTION
37The 37The
38.Nm 38.Nm
39utility is used to list and manipulate PaX flags associated with an ELF 39utility is used to list and manipulate PaX flags associated with an ELF
40program. 40program.
41The PaX flags signify to the loader the privilege protections to be applied 41The PaX flags signify to the loader the privilege protections to be applied
42to mapped memory pages, and fuller explanations of the specific protections 42to mapped memory pages, and fuller explanations of the specific protections
43can be found in the 43can be found in the
44.Xr security 8 44.Xr security 7
45manpage. 45manpage.
46.Pp 46.Pp
47Each flag can be prefixed either with a 47Each flag can be prefixed either with a
48.Dq + 48.Dq +
49or a 49or a
50.Dq - 50.Dq -
51sign to add or remove the flag, respectively. 51sign to add or remove the flag, respectively.
52.Pp 52.Pp
53The following flags are available: 53The following flags are available:
54.Bl -tag -width flag 54.Bl -tag -width flag
55.It a 55.It a
56Explicitly disable PaX ASLR (Address Space Layout Randomization) for 56Explicitly disable PaX ASLR (Address Space Layout Randomization) for
57.Ar program . 57.Ar program .
58.It A 58.It A
59Explicitly enable PaX ASLR for 59Explicitly enable PaX ASLR for
60.Ar program . 60.Ar program .
61.It g 61.It g
62Explicitly disable PaX Segvguard for 62Explicitly disable PaX Segvguard for
63.Ar program . 63.Ar program .
64.It G 64.It G
65Explicitly enable PaX Segvguard for 65Explicitly enable PaX Segvguard for
66.Ar program . 66.Ar program .
67.It m 67.It m
68Explicitly disable PaX MPROTECT 68Explicitly disable PaX MPROTECT
69.Po Xr mprotect 2 69.Po Xr mprotect 2
70restrictions 70restrictions
71.Pc 71.Pc
72for 72for
73.Ar program . 73.Ar program .
74.It M 74.It M
75Explicitly enable PaX MPROTECT 75Explicitly enable PaX MPROTECT
76.Po Xr mprotect 2 76.Po Xr mprotect 2
77restrictions 77restrictions
78.Pc 78.Pc
79for 79for
80.Ar program . 80.Ar program .
81.El 81.El
82.Pp 82.Pp
83To view existing flags on a file, execute 83To view existing flags on a file, execute
84.Nm 84.Nm
85without any flags. 85without any flags.
86.Sh SEE ALSO 86.Sh SEE ALSO
87.Xr mprotect 2 , 87.Xr mprotect 2 ,
88.Xr sysctl 3 , 88.Xr sysctl 3 ,
89.Xr options 4 , 89.Xr options 4 ,
90.Xr elf 5 , 90.Xr elf 5 ,
91.Xr security 8 , 91.Xr security 7 ,
92.Xr sysctl 8 , 92.Xr sysctl 8 ,
93.Xr fileassoc 9 93.Xr fileassoc 9
94.Sh HISTORY 94.Sh HISTORY
95The 95The
96.Nm 96.Nm
97utility first appeared in 97utility first appeared in
98.Nx 4.0 . 98.Nx 4.0 .
99.Pp 99.Pp
100The 100The
101.Nm 101.Nm
102utility is modeled after a tool of the same name available for Linux from the 102utility is modeled after a tool of the same name available for Linux from the
103PaX project. 103PaX project.
104.Sh AUTHORS 104.Sh AUTHORS
105.An Elad Efrat Aq elad@NetBSD.org 105.An Elad Efrat Aq elad@NetBSD.org
106.An Christos Zoulas Aq christos@NetBSD.org 106.An Christos Zoulas Aq christos@NetBSD.org
107.Sh BUGS 107.Sh BUGS
108The 108The
109.Nm 109.Nm
110utility currently uses 110utility currently uses
111.Xr elf 5 111.Xr elf 5
112.Dq note 112.Dq note
113sections to mark executables as PaX Segvguard enabled. 113sections to mark executables as PaX Segvguard enabled.
114This will be done using 114This will be done using
115.Xr fileassoc 9 115.Xr fileassoc 9
116in the future so that we can control who does the marking and 116in the future so that we can control who does the marking and
117not altering the binary file signature. 117not altering the binary file signature.