chatr man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

chatr_ia(1)							   chatr_ia(1)

NAME
       chatr_ia:  chatr	 -  change  program's internal attributes on Integrity
       systems

SYNOPSIS
   Format 1: for files with a single text segment and a single data segment
       library] mode] mode] flag]
	      flag] flag] flag] flag] flag] flag] size] flag]  flag]  library]
	      flag]  flag]  flag]  flag]  flag]	 size] size] flag] flag] flag]
	      flag] file ...

   Format 2: for explicit specification of segments
       address | index} mode] flag]
	      flag] flag] flag] flag] size] flag] flag] flag] flag] file ...

   Remarks
       This manpage describes on Integrity systems.  For on  PA-RISC  systems,
       see chatr_pa(1).

DESCRIPTION
       allows  you  to	change	a program's internal attributes for 32-bit and
       64-bit ELF files.

       There are two syntactic forms that can be used to invoke

       ·  allows easy manipulation of ordinary files that have only  a	single
	  text segment and a single data segment.

       ·  allows explicit specification of the segments to be modified.

       Upon  completion, prints the file's old and new values to standard out‐
       put unless is specified.

       The and options only provide a hint for the virtual memory  page	 size.
       The  actual  page  sizes may vary.  Under certain conditions, page size
       hints of may result in better performance, depending  on	 the  specific
       memory requirements of the application.

       The  performance	 of  some  applications may benefit from static branch
       prediction, others may not.  The option provides a hint	for  using  or
       avoiding this feature.

       The and related options provide performance enhancements through use of
       global symbol table which improves searching for exported symbols.  See
       dld.so(5) and the for more information.

       To  use	Format	2,  first  specify  the	 segment you want to modify by
       address (with the option) or index (with the option),  or  specify  all
       segments (with the option).  Then use the or options to modify the seg‐
       ment attributes.	 You can include more than one segment on the  command
       line as long as you specify each segment with an or option, followed by
       the modifying options.

   Options
       Indicate that the specified shared library
		      is subject to run-time path  lookup  if  directory  path
		      lists are provided (see and

       Perform its operation silently.

       Enable null pointer dereference trap.
		      Run-time	dereference  of	 null  pointers will produce a
		      SIGSEGV signal.  (This is the complement of the option.)

       Select run-time binding behavior mode of a program
		      using shared libraries.  You must	 specify  one  of  the
		      binding  modes  or  See the for a description of binding
		      modes.

       Disable null pointer dereference trap.
		      (This is the complement of the option.)

       Control the address space model to be used by the kernel.
		      Possible values for mode are and The  default  value  is
		      currently	 equivalent to In order to set the mode to any
		      value other than the default,  the  binary  should  have
		      been  built  with the compiler option to ensure that the
		      text and data segments are contiguous.

       Control whether the embedded path list
		      stored when the program (if any) was built can  be  used
		      to  locate  shared libraries needed by the program.  The
		      two flag values, and respectively enable and disable use
		      of  the  embedded path list.  However, you cannot use on
		      an ELF file, and a warning message is issued.   See  the
		      option.	You  can use the option to enable the embedded
		      path for filter libraries.

       (Format 2 only.) Enable or disable the code bit for  a  specified  seg‐
       ment.
		      If  this	is  enabled, it is denoted by the flag for the
		      segment listing in the output.

       Enable or disable the code bit for the file's data segment(s).
		      If this is enabled, it is denoted by the	flag  for  the
		      segment listing in the output.

       Enable or disable the code bit for the file's text segments(s).
		      If  this	is  enabled, it is denoted by the flag for the
		      segment listing in the output.

       Enable or disable the ability to run a program, and, after it  is  run‐
       ning,
		      attach  to it with a debugger and set breakpoints in its
		      dependent shared libraries.  When enabled,  this	allows
		      for  mapping  the text segments of shared libraries in a
		      private, writable region.	 Also, you can use  this  fea‐
		      ture  on	individual  shared  libraries, which makes the
		      text segment mapped private.  If contains the string "",
		      all  shared  libraries are mapped private.  You can also
		      specify a colon-separated list of	 shared	 library  base
		      names  with  this	 option, following an equal character;
		      for example:

       Change the dynamic optimization setting.	 The flag
		      value enables dynamic optimizations for  a  load	module
		      (executable or shared library), if the run-time environ‐
		      ment supports this feature.  The	flag  value  prohibits
		      dynamic optimizations for a load module.	The flag value
		      restores the default setting, which allows the  run-time
		      environment  to  enable or disable dynamic optimizations
		      for a load module.

       (Format 2 only.) Enable or disable lazy swap allocation for dynamically
		      allocated segments (such as the stack or heap).

       Control the ability of user code to execute from stack with the
		      flag values, and See the section	below  for  additional
		      information related to security issues.

       Control whether the global symbol table hash mechanism is
		      used  to look up values of symbol import/export entries.
		      The two flag values, and respectively enable and disable
		      use  of  the  global  symbol  table hash mechanism.  The
		      default is

       Request a particular hash array
		      size using the global symbol table hash mechanism.   The
		      value  can vary between 1 and The default value is 1103.
		      Use this option with This option works  on  files	 liked
		      with the option.

       Controls the preference of physical memory for the data segment.
		      This  is	only  important on ccNUMA (Cache Coherent Non-
		      Uniform Memory Architecture) systems.   The  flag	 value
		      may be either enable or disable.	When enabled, the data
		      segment will use interleaved memory.  When disabled (the
		      default),	 the  data segment will use cell local memory.
		      This behavior will be inherited across a but not an

		      For more information regarding ccNUMA, see  pstat_getlo‐
		      cality(2).

       Request kernel assisted branch prediction.
		      The  flags  and  turn  this  request on and off, respec‐
		      tively.

       Indicate that the specified shared library
		      is not subject to run-time path lookup if directory path
		      lists are provided (see and

       (Format 2 only.) Enable or disable the modification bit for a specified
       segment.
		      If this is enabled, it is denoted by the	flag  for  the
		      segment listing in the output.

       Enable or disable the modification bit for the file's data segment(s).
		      If  this	is  enabled, it is denoted by the flag for the
		      segment listing in the output.

       or	      the dynamic loader to  automatically  preload  and  also
		      maps  shared  libraries as private.  The library is used
		      to support heap analysis through GDB.

       Enable or disable the shared library segment merging features.
		      When enabled, all	 data  segments	 of  shared  libraries
		      loaded  at  program  startup  are	 merged	 into a single
		      block.   Data  segments  for  each  dynamically	loaded
		      library  will  also  be merged with the data segments of
		      its dependent  libraries.	  Merging  of  these  segments
		      increases run-time performance by allowing the kernel to
		      use larger size page table entries.

       Enable or disable the modification bit for the file's text segment(s).
		      If this is enabled, it is denoted by the	flag  for  the
		      segment listing in the output.

       Enable or disable the
		      flag  to control use of in calculating the absolute path
		      of the working directory.	 Enabling the  flag  instructs
		      the dynamic loader to calculate the absolute path of the
		      current working directory when the parent module (object
		      module,  shared library, or executable) is first loaded.
		      The loader then uses this path for  all  occurrences  of
		      The loader then uses this path for all occurrences of in
		      the dependent libraries.

		      If there are no occurrences of you  should  disable  the
		      flag,  to	 avoid	calculating  the  absolute  path.   By
		      default, if is not present, the flag is disabled.

       (Format 2 only.)	 Set the page size for a specified segment.

       Request a particular virtual memory page size that
		      should be used for data.	Sizes of and are supported.  A
		      size  of results in using the default page size.	A size
		      of results in using the  largest	page  size  available.
		      The actual page size may vary if the requested size can‐
		      not be fulfilled.

       Request a particular virtual memory page size that
		      should be used for text (instructions).  See the	option
		      for additional information.

       Request static branch prediction when executing this
		      program.	 The  flags  and turn this request on and off,
		      respectively.  If this is enabled, it is denoted by  the
		      flag for the segment listing in the output.

       This is an     to the option.

       Control whether the directory path list specified with the
		      and  environment	variable  can be used to locate shared
		      libraries needed by the program.	The two	 flag  values,
		      and  respectively enable and disable use of the environ‐
		      ment variable.  If both and  are	used,  their  relative
		      order on the command line indicates which path list will
		      be searched first.  See the option.

       (Format 2 only.)
		      Specify  a  segment  using  an  address  for  a  set  of
		      attribute modifications.

       (Format 2 only.)
		      Use all segments in the file for a set of attribute mod‐
		      ifications.

       (Format 2 only.)
		      Specify a segment using a segment index number for a set
		      of attribute modifications.

       Enable or disable lazy swap on all data segments (using FORMAT 1) or on
       a
		      specific segment (using 2).  The	flags  and  turn  this
		      request  on  or  off respectively.  May not be used with
		      non-data segments.

       Enable or disable dynamic instrumentation by
		      If enabled, the  dynamic	loader	(see  dld.so(5))  will
		      automatically  invoke  upon program execution to collect
		      profile information.

   Restricting Execute Permission on Stacks
       A frequent or common method of breaking into systems is by  maliciously
       overflowing  buffers  on	 a  program's stack, such as passing unusually
       long, carefully chosen command line arguments to a  privileged  program
       that  does  not expect them.  Malicious unprivileged users can use this
       technique to trick a privileged program into starting a superuser shell
       for them, or to perform similar unauthorized actions.

       One  simple  yet highly effective way to reduce the risk from this type
       of attack is to remove the execute permission from  a  program's	 stack
       pages.	This  improves system security without sacrificing performance
       and has no negative effects on the vast majority of legitimate applica‐
       tions.	The  changes  described	 in  this section only affect the very
       small number of programs that try to execute (or are tricked into  exe‐
       cuting) instructions located on the program's stack(s).

       If  the	stack  protection feature described in this section is enabled
       for a program and that  program	attempts  to  execute  code  from  its
       stack(s),  the  HP-UX  kernel will terminate the program with a signal,
       display a message referring to this manual page	section,  and  log  an
       error  message  to  the	system message log (use to view the error mes‐
       sage).  The message logged by the kernel is:

       If you see one of these messages, check with  the  program's  owner  to
       determine  whether this program is legitimately executing code from its
       stack.  If it is, you can use one or  both  of  the  methods  described
       below  to  make	the  program  functional again.	 If the program is not
       legitimately executing code from its stack, you	should	suspect	 mali‐
       cious activity and take appropriate action.

       HP-UX  provides	two options to permit legitimate execution from a pro‐
       gram's stack(s).	 Combinations of these two options help make site-spe‐
       cific tradeoffs between security and compatibility.

       The  first  method  is  the use of the option of and affects individual
       programs.  It is typically used to specify  that	 a  particular	binary
       must  be	 able  to  execute  from  its  stack, regardless of the system
       default setting.	 This allows a restrictive system  default  while  not
       preventing  legitimate  programs from executing code on their stack(s).
       Ideally this  option  should  be	 set  (if  needed)  by	the  program's
       provider,  to  minimize	the  need  for manual intervention by whomever
       installs the program.

       An alternate method is setting the kernel tunable parameter, to	set  a
       system-wide  default  for  whether  stacks are executable.  Setting the
       parameter to 1 (one) with (see sam(1M)) tells the HP-UX kernel to allow
       programs	 to execute on the program stack(s).  Use this setting if com‐
       patibility with older releases is more important than  security.	  Set‐
       ting  the parameter to  0 (zero), the recommended setting, is appropri‐
       ate if security is more important  than	compatibility.	 This  setting
       significantly  improves	system security with minimal, if any, negative
       effects on legitimate applications.

       Combinations of these settings may be  appropriate  for	many  applica‐
       tions.	For  example, after setting to 0, you may find that one or two
       critical applications no longer work because  they  have	 a  legitimate
       need  to	 execute  from their stack(s).	Programs such as simulators or
       interpreters that  use  self-modifying  code  are  examples  you	 might
       encounter.   To	obtain	the  security benefits of a restrictive system
       default while still letting these specific applications run  correctly,
       set  to	0,  and run on the specific binaries that need to execute code
       from their stack(s).  These binaries can be easily identified when they
       are  executed, because they will print error messages referring to this
       manual page.

       The possible settings for are as follows:

	    A setting of 0 (the default value) causes stacks  to  be  non-exe‐
	    cutable
		   and is strongly preferred from a security perspective.

	    A setting of 1
		   causes  all	program stacks to be executable, and is safest
		   from a compatibility perspective but is  the	 least	secure
		   setting for this parameter.

	    A setting of 2
		   is  equivalent to a setting of 0, except that it gives non-
		   fatal warnings instead of terminating  a  process  that  is
		   trying  to  execute	from its stack.	 Using this setting is
		   helpful for users to gain confidence that using a value  of
		   0  will  not	 hurt  their  legitimate applications.	Again,
		   there is less security protection.

       The table below summarizes the results from using the possible combina‐
       tions  of  and when executing from the program's stack.	Running relies
       solely on the setting of the kernel  tunable  parameter	when  deciding
       whether or not to grant execute permission for stacks and is equivalent
       to not having run on the binary.

       chatr +es	    executable_stack   Action
       ───────────────────────────────────────────────────────────────
       enable			   1	       program runs normally
       disable or		   1	       program runs normally
	 chatr is not run
       ───────────────────────────────────────────────────────────────
       enable			   0	       program runs normally
       disable or		   0	       program is killed
	 chatr is not run
       ───────────────────────────────────────────────────────────────
       enable			   2	       program runs normally
       disable or		   2	       program runs normally
	 chatr is not run		       with warning displayed

RETURN VALUE
       returns zero on success.	 If the command line contents is syntactically
       incorrect,  or one or more of the specified files cannot be acted upon,
       returns information about the files whose attributes could not be modi‐
       fied.  If no files are specified, returns decimal 255.

   Illegal options
       If  you	use  an illegal option, returns the number of non-option words
       present after the first illegal option.	The following example  returns
       4:

   Invalid arguments
       If you use an invalid argument with a valid option and you do not spec‐
       ify a file name, returns 0, as in this example:

       If you specify a file name (regardless  of  whether  or	not  the  file
       exists),	 returns the number of files specified.	 The following example
       returns 3:

   Invalid files
       If the command cannot act on any of the files  given,  it  returns  the
       total  number of files specified (if some option is specified).	Other‐
       wise it returns the number of files upon which it could	not  act.   If
       does  not  have read/write permission, the first of the following exam‐
       ples returns 4 and the second returns 1:

EXTERNAL INFLUENCES
   Environment Variables
       The following internationalization variables affect the execution of

       Determines the locale category for native language, local customs and
			 coded character set in the absence of and other envi‐
			 ronment  variables.  If is not specified or is set to
			 the empty string, a default of (see lang(5)) is  used
			 instead of

       Determines the values for all locale categories and has precedence over
			 and other environment variables.

       Determines the locale category for character handling functions.

       Determines the locale that should be used to affect the format
			 and  contents of diagnostic messages written to stan‐
			 dard error.

       Determines the locale category for numeric formatting.

       Determines the location of message catalogues for the processing
			 of

       If any  internationalization  variable  contains	 an  invalid  setting,
       behaves	as  if all internationalization variables are set to See envi‐
       ron(5).

       In addition, the following environment variable affects

       Specifies a directory
			 for temporary files (see tmpnam(3S)).

EXAMPLES
       Change to demand-loaded

       Change binding mode of program file that uses shared libraries to imme‐
       diate and nonfatal.  Also enable usage of environment variable:

       Disallow	 run-time  path	 lookup for the shared library that the shared
       library depends on:

       Given segment index number 5 from a previous run	 of  change  the  page
       size to 4 kilobytes:

       To  set	the  modify bit of a specific segment, first find the index or
       address number of the segment.

	      chatr a.out

	      a.out:
		 32-bit ELF executable
		 shared library dynamic path search:
		     LD_LIBRARY_PATH	enabled	 first
		     SHLIB_PATH		enabled	 second
		     embedded path	enabled	 third	/CLO/TAHOE_BE/usr/lib/hpux32
		 shared library list:
		     libsin.so
		     libc.so.1
		 shared library binding:
		     deferred
		 global hash table enabled
		 global hash table size 100
		 shared library mapped private disabled
		 shared vtable support disabled
		 segments:
		     index type	    address	 flags size
			 5 text	    04000000	 ----c	  D (default)
			 6 data	    40000000	 ---m-	  L (largest possible)
		 executable from stack: D (default)
		 kernel assisted branch prediction enabled
		 lazy swap allocation for dynamic segments disabled

       For Format 2, for a text segment, use the following:

       or

       For Format 1, use the following:

WARNINGS
       This release of the command no longer supports the following options:

       ·
       ·
       ·
       ·
       ·
       ·
       ·
       ·

AUTHOR
       was developed by HP.

SEE ALSO
   System Tools
       ld(1)		 invoke the link editor
       dld.so(5)	 dynamic loader

   Miscellaneous
       a.out(4)		   assembler, compiler, and linker output
       magic(4)		   magic number for HP-UX implementations
       sam(1M)		   system administration manager
       executable_stack(5) controls whether program stacks are	executable  by
			   default

   Texts and Tutorials
       (See the		 option)
       (See		 manuals(5) for ordering information)

Integrity Systems Only						   chatr_ia(1)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net