The
paxctl utility is used to list and manipulate PaX flags associated with an ELF program. The PaX flags signify to the loader the privilege protections to be applied to mapped memory pages, and fuller explanations of the specific protections can be found in the
security(8) manpage.
Each flag can be prefixed either with a “+” or a “-” sign to add or remove the flag, respectively.
The following flags are available:
a
Explicitly disable PaX ASLR (Address Space Layout Randomization) for program.
A
Explicitly enable PaX ASLR for program.
g
Explicitly disable PaX Segvguard for program.
G
Explicitly enable PaX Segvguard for program.
m
Explicitly disable PaX MPROTECT (
mprotect(2) restrictions) for
program.
M
Explicitly enable PaX MPROTECT (
mprotect(2) restrictions) for
program.
To view existing flags on a file, execute
paxctl without any flags.