man chpax (Administration système) - user-space utility to control PaX flags

NAME

chpax - user-space utility to control PaX flags

SYNTAX

chpax [-PpEeMmRrXxSsvz] <FILE1> [<FILE2> ...]

DESCRIPTION

chpax is a tool that allows PaX flags to be modified on a per-binary basis. PaX is part of common security-enhancing kernel patches, like GrSecurity. Your system needs to be running an appropriately patched kernel for this program to have any effect.

-P
enforce paging based non-executable pages
-p
do not enforce paging based non-executable pages
-E
emulate trampolines
-e
do not emulate trampolines
-M
restrict mprotect()
-m
do not restrict mprotect()
-R
randomize mmap() base
-r
do not randomize mmap() base
-X
randomize ET_EXEC base
-x
do not randomize ET_EXEC base
-S
enforce segmentation based non-executable pages
-s
do not enforce segmentation based non-executable pages
-v
view current flag mask
-z
zero flag mask (next flags still apply)

CAVEATS

chpax does not currently parse standard command line arguments. Only the first argument is parsed, and it must contain all of the above flags you wish to use. So, instead of, e.g., "-v -p -r" you have to use "-vpr".

AUTHOR

Written by The PaX Team <pageexec@freemail.hu>

This manpage was written by Martin F. Krafft <madduck@debian.org> for the Debian GNU/Linux Distribution, but may be used by others.

SEE ALSO

gradm(1)

The PaX website: http://pax.grsecurity.net

The GrSecurity website: http://www.grsecurity.net