path: root/html/revdep-pax.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation
--
  Gentoo revdep-pax introduction</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
<br><h1>Gentoo revdep-pax introduction</h1>
<form name="contents" action="http://www.gentoo.org">
<b>Content</b>:
        <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. What's revdep-pax about?</option>
<option value="#doc_chap2">2. Using revdep-pax</option>
<option value="#doc_chap3">3. Listing PaX Flags and Capabilities</option>
<option value="#doc_chap4">4. Programming with ELF files</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
            </span>What's revdep-pax about?</p>
<p class="secthead"><a name="doc_chap1_sect1">A quick introduction to PaX markings.</a></p>
<p>
There are some programs which won't be able to run in an environment with all
the PaX features enabled, for example you may have a program which has so called
<span class="emphasis">text relocations</span> or you may have a language interpreter doing JIT code
compilation and requiring <span class="emphasis">RWX</span> mappings you may also have a program that
saves data including internal pointers into an mmaped file and which needs to be
restored in the same place no matter what. You could also be holding a security
competition and need to disable the execution restrictions and force it to
use fixed addresses on a particular program so it can be exploited doing a
simple nop sled based stack overflow to get to the next level. For taking into
account these issues binaries can be marked to force on or off some of the PaX
features.
</p>
<p>
Currently, the PaX features that can be lessened or enforced to allow programs
to run are:
</p>
<dl>
  <dt><b>PAGEEXEC</b></dt>
  <dd>Paging based execution restrictions. This is what other OSes know as
  <span class="emphasis">NX</span>.</dd>
  <dt><b>EMUTRAMP</b></dt>
  <dd>Trampoline emulation. Required by for amongst other things code with
  nested functions.</dd>
  <dt><b>MPROTECT</b></dt>
  <dd>Prevents the introduction of new executable code in the task. This is the
  one you are more likely to need disabling with libraries generating JIT code.
  </dd>
  <dt><b>RANDMMAP</b></dt>
  <dd>Randomizes the addresses where mappings are made unless the program
  explicitly requests one (using the MAP_FIXED flag).</dd>
  <dt><b>RANDEXEC</b></dt>
  <dd>This flag is currently deprecated and was used to enforce random placement
  of the executable part of the binary.</dd>
  <dt><b>SEGMEXEC</b></dt>
  <dd>This flag enables segmentation based execution protection. This feature is
  not available on the amd64 architecture so in that architecture is disables by
  default.</dd>
</dl>
<p>
There are various ways in which this advice to lessen the environment can be
provided to the system, amongst others Mandatory Access Control rules, extended
attributes and two kinds of markings on the binaries themselves, the legacy ones
which abuse an unused field in the ELF headers and the new ones which add a new
specific section to the ELF file with the markings.
</p>
<p>
All this markings though are only read in the executable and not in the
libraries linked by it to prevent some possible attacks (like libraries being
injected via LD_PRELOAD) and because it eases a lot the implementation since the
kernel shouldn't be aware of linking details.
</p>
<p>
This system has a problem: if we have a binary linking to a library which
requires, for example, trampoline emulation because it uses nested functions how
can we make sure the binary gets the propper markings? Yeah we could add PaX
marks to the library to state it needs trampoline emulation but still we haven't
fixed the issue since the kernel will only read the marks on the binary being
called. In order to solve this issue we have created <span class="code" dir="ltr">revdep-pax</span>.
</p>
<p class="secthead"><a name="doc_chap1_sect2">What's revdep-pax?</a></p>
<p>
<span class="code" dir="ltr">revdep-pax</span> is a tool that allows to check for differences in PaX markings
between elf objects linking to libraries (for example <span class="path" dir="ltr">/bin/bash</span>)
and the libraries themselves (for example <span class="path" dir="ltr">/lib64/libc.so.6</span>).
</p>
<p>
<span class="code" dir="ltr">revdep-pax</span> is able to do this in various ways, it can check for
differences <span class="emphasis">forward</span> from one binary to all the libraries it links and it
can also check for PaX marking differences <span class="emphasis">backwards</span> from one library to
all the binaries linking to it (which may include other libraries too). In a
similar way it is possible to have all the forward and reverse mappings in the
system checked to try finding issues.
</p>
<p>
<span class="code" dir="ltr">revdep-pax</span> is also able to propagate these markings both forward to the
libraries linked by an object and backwards to the objects linked by a library.
</p>
<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
            </span>Using revdep-pax</p>
<p class="secthead"><a name="doc_chap2_sect1">Propagating PaX marks backwards from a library to objects that link at it
</a></p>
<p>
This is going to be probably the main way in which you are going to use this
utility. What it does is check all the libraries linked statically 
The <span class="code" dir="ltr">scanelf</span> application is part of the <span class="code" dir="ltr">app-misc/pax-utils</span> package.
With this application you can print out information specific to the ELF
structure of a binary. The following table sums up the various options.
</p>
<table class="ntable">
<tr>
  <td class="infohead"><b>Option</b></td>
  <td class="infohead"><b>Long Option</b></td>
  <td class="infohead"><b>Description</b></td>
</tr>
<tr>
  <td class="tableinfo">-p</td>
  <td class="tableinfo">--path</td>
  <td class="tableinfo">Scan all directories in PATH environment</td>
</tr>
<tr>
  <td class="tableinfo">-l</td>
  <td class="tableinfo">--ldpath</td>
  <td class="tableinfo">Scan all directories in /etc/ld.so.conf</td>
</tr>
<tr>
  <td class="tableinfo">-R</td>
  <td class="tableinfo">--recursive</td>
  <td class="tableinfo">Scan directories recursively</td>
</tr>
<tr>
  <td class="tableinfo">-m</td>
  <td class="tableinfo">--mount</td>
  <td class="tableinfo">Don't recursively cross mount points</td>
</tr>
<tr>
  <td class="tableinfo">-y</td>
  <td class="tableinfo">--symlink</td>
  <td class="tableinfo">Don't scan symlinks</td>
</tr>
<tr>
  <td class="tableinfo">-A</td>
  <td class="tableinfo">--archives</td>
  <td class="tableinfo">Scan archives (.a files)</td>
</tr>
<tr>
  <td class="tableinfo">-L</td>
  <td class="tableinfo">--ldcache</td>
  <td class="tableinfo">Utilize ld.so.cache information (use with -r/-n)</td>
</tr>
<tr>
  <td class="tableinfo">-X</td>
  <td class="tableinfo">--fix</td>
  <td class="tableinfo">Try and 'fix' bad things (use with -r/-e)</td>
</tr>
<tr>
  <td class="tableinfo">-z [arg]</td>
  <td class="tableinfo">--setpax [arg]</td>
  <td class="tableinfo">Sets EI_PAX/PT_PAX_FLAGS to [arg] (use with -Xx)</td>
</tr>
<tr>
  <td class="infohead"><b>Option</b></td>
  <td class="infohead"><b>Long Option</b></td>
  <td class="infohead"><b>Description</b></td>
</tr>
<tr>
  <td class="tableinfo">-x</td>
  <td class="tableinfo">--pax</td>
  <td class="tableinfo">Print PaX markings</td>
</tr>
<tr>
  <td class="tableinfo">-e</td>
  <td class="tableinfo">--header</td>
  <td class="tableinfo">Print GNU_STACK/PT_LOAD markings</td>
</tr>
<tr>
  <td class="tableinfo">-t</td>
  <td class="tableinfo">--textrel</td>
  <td class="tableinfo">Print TEXTREL information</td>
</tr>
<tr>
  <td class="tableinfo">-r</td>
  <td class="tableinfo">--rpath</td>
  <td class="tableinfo">Print RPATH information</td>
</tr>
<tr>
  <td class="tableinfo">-n</td>
  <td class="tableinfo">--needed</td>
  <td class="tableinfo">Print NEEDED information</td>
</tr>
<tr>
  <td class="tableinfo">-i</td>
  <td class="tableinfo">--interp</td>
  <td class="tableinfo">Print INTERP information</td>
</tr>
<tr>
  <td class="tableinfo">-b</td>
  <td class="tableinfo">--bind</td>
  <td class="tableinfo">Print BIND information</td>
</tr>
<tr>
  <td class="tableinfo">-S</td>
  <td class="tableinfo">--soname</td>
  <td class="tableinfo">Print SONAME information</td>
</tr>
<tr>
  <td class="tableinfo">-s [arg]</td>
  <td class="tableinfo">--symbol [arg]</td>
  <td class="tableinfo">Find a specified symbol</td>
</tr>
<tr>
  <td class="tableinfo">-k [arg]</td>
  <td class="tableinfo">--section [arg]</td>
  <td class="tableinfo">Find a specified section</td>
</tr>
<tr>
  <td class="tableinfo">-N [arg]</td>
  <td class="tableinfo">--lib [arg]</td>
  <td class="tableinfo">Find a specified library</td>
</tr>
<tr>
  <td class="tableinfo">-g</td>
  <td class="tableinfo">--gmatch</td>
  <td class="tableinfo">Use strncmp to match libraries. (use with -N)</td>
</tr>
<tr>
  <td class="tableinfo">-T</td>
  <td class="tableinfo">--textrels</td>
  <td class="tableinfo">Locate cause of TEXTREL</td>
</tr>
<tr>
  <td class="tableinfo">-E [arg]</td>
  <td class="tableinfo">--etype [arg]</td>
  <td class="tableinfo">Print only ELF files matching etype ET_DYN,ET_EXEC ...</td>
</tr>
<tr>
  <td class="tableinfo">-M [arg]</td>
  <td class="tableinfo">--bits [arg]</td>
  <td class="tableinfo">Print only ELF files matching numeric bits</td>
</tr>
<tr>
  <td class="tableinfo">-a</td>
  <td class="tableinfo">--all</td>
  <td class="tableinfo">Print all scanned info (-x -e -t -r -b)</td>
</tr>
<tr>
  <td class="infohead"><b>Option</b></td>
  <td class="infohead"><b>Long Option</b></td>
  <td class="infohead"><b>Description</b></td>
</tr>
<tr>
  <td class="tableinfo">-q</td>
  <td class="tableinfo">--quiet</td>
  <td class="tableinfo">Only output 'bad' things</td>
</tr>
<tr>
  <td class="tableinfo">-v</td>
  <td class="tableinfo">--verbose</td>
  <td class="tableinfo">Be verbose (can be specified more than once)</td>
</tr>
<tr>
  <td class="tableinfo">-F [arg]</td>
  <td class="tableinfo">--format [arg]</td>
  <td class="tableinfo">Use specified format for output</td>
</tr>
<tr>
  <td class="tableinfo">-f [arg]</td>
  <td class="tableinfo">--from [arg]</td>
  <td class="tableinfo">Read input stream from a filename</td>
</tr>
<tr>
  <td class="tableinfo">-o [arg]</td>
  <td class="tableinfo">--file [arg]</td>
  <td class="tableinfo">Write output stream to a filename</td>
</tr>
<tr>
  <td class="tableinfo">-B</td>
  <td class="tableinfo">--nobanner</td>
  <td class="tableinfo">Don't display the header</td>
</tr>
<tr>
  <td class="tableinfo">-h</td>
  <td class="tableinfo">--help</td>
  <td class="tableinfo">Print this help and exit</td>
</tr>
<tr>
  <td class="tableinfo">-V</td>
  <td class="tableinfo">--version</td>
  <td class="tableinfo">Print version and exit</td>
</tr>
</table>
<p>
The format specifiers for the <span class="code" dir="ltr">-F</span> option are given in the following table.
Prefix each specifier with <span class="code" dir="ltr">%</span> (verbose) or <span class="code" dir="ltr">#</span> (silent) accordingly.
</p>
<table class="ntable">
<tr>
  <td class="infohead"><b>Specifier</b></td>
  <td class="infohead"><b>Full Name</b></td>
  <td class="infohead"><b>Specifier</b></td>
  <td class="infohead"><b>Full Name</b></td>
</tr>
<tr>
  <td class="tableinfo">F</td>
  <td class="tableinfo">Filename</td>
  <td class="tableinfo">x</td>
  <td class="tableinfo">PaX Flags</td>
</tr>
<tr>
  <td class="tableinfo">e</td>
  <td class="tableinfo">STACK/RELRO</td>
  <td class="tableinfo">t</td>
  <td class="tableinfo">TEXTREL</td>
</tr>
<tr>
  <td class="tableinfo">r</td>
  <td class="tableinfo">RPATH</td>
  <td class="tableinfo">n</td>
  <td class="tableinfo">NEEDED</td>
</tr>
<tr>
  <td class="tableinfo">i</td>
  <td class="tableinfo">INTERP</td>
  <td class="tableinfo">b</td>
  <td class="tableinfo">BIND</td>
</tr>
<tr>
  <td class="tableinfo">s</td>
  <td class="tableinfo">Symbol</td>
  <td class="tableinfo">N</td>
  <td class="tableinfo">Library</td>
</tr>
<tr>
  <td class="tableinfo">o</td>
  <td class="tableinfo">Type</td>
  <td class="tableinfo">p</td>
  <td class="tableinfo">File name</td>
</tr>
<tr>
  <td class="tableinfo">f</td>
  <td class="tableinfo">Base file name</td>
  <td class="tableinfo">k</td>
  <td class="tableinfo">Section</td>
</tr>
<tr>
  <td class="tableinfo">a</td>
  <td class="tableinfo">ARCH/e_machine</td>
  <td class="tableinfo"></td>
  <td class="tableinfo"></td>
</tr>
</table>
<p class="secthead"><a name="doc_chap2_sect2">Using scanelf for Text Relocations</a></p>
<p>
As an example, we will use <span class="code" dir="ltr">scanelf</span> to find binaries containing text
relocations.
</p>
<p>
A relocation is an operation that rewrites an address in a loaded segment. Such
an address rewrite can happen when a segment has references to a shared object
and that shared object is loaded in memory. In this case, the references are
substituted with the real address values. Similar events can occur inside the 
shared object itself.
</p>
<p>
A text relocation is a relocation in the text segment. Since text segments
contain executable code, system administrators might prefer not to have these
segments writable. This is perfectly possible, but since text relocations
actually write in the text segment, it is not always feasible. 
</p>
<p>
If you want to eliminate text relocations, you will need to make sure
that the application and shared object is built with <span class="emphasis">Position Independent
Code</span> (PIC), making references obsolete. This not only increases security,
but also increases the performance in case of shared objects (allowing writes in
the text segment requires a swap space reservation and a private copy of the
shared object for each application that uses it).
</p>
<p>
The following example will search your library paths recursively, without
leaving the mounted file system and ignoring symbolic links, for any ELF binary
containing a text relocation:
</p>
<a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: Scanning the system for text relocation binaries</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">scanelf -lqtmyR</span>
</pre></td></tr>
</table>
<p>
If you want to scan your entire system for <span class="emphasis">any</span> file containing text
relocations:
</p>
<a name="doc_chap2_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.2: Scanning the entire system for text relocation files</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">scanelf -qtmyR /</span>
</pre></td></tr>
</table>
<p class="secthead"><a name="doc_chap2_sect3">Using scanelf for Specific Header</a></p>
<p>
The scanelf util can be used to quickly identify files that contain a 
given section header using the -k .section option.
</p>
<p>
In this example we are looking for all files in /usr/lib/debug 
recursively using a format modifier with quiet mode enabled that have been 
stripped. A stripped elf will lack a .symtab entry, so we use the '!' 
to invert the matching logic.
</p>
<a name="doc_chap2_pre3"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.3: Scanning for stripped or non stripped executables</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">scanelf -k '!.symtab' /usr/lib/debug -Rq -F%F#k</span>
</pre></td></tr>
</table>
<p class="secthead"><a name="doc_chap2_sect4">Using scanelf for Specific Segment Markings</a></p>
<p>
Each segment has specific flags assigned to it in the Program Header of the
binary. One of those flags is the type of the segment. Interesting values are
PT_LOAD (the segment must be loaded in memory from file), PT_DYNAMIC (the
segment contains dynamic linking information), PT_INTERP (the segment 
contains the name of the program interpreter), PT_GNU_STACK (a GNU extension
for the ELF format, used by some stack protection mechanisms), and PT_PAX_FLAGS
(a PaX extension for the ELF format, used by the security-minded 
<a href="http://pax.grsecurity.net/">PaX Project</a>.
</p>
<p>
If we want to scan all executables in the current working directory, PATH
environment and library paths and report those who have a writable and
executable PT_LOAD or PT_GNU_STACK marking, you could use the following command:
</p>
<a name="doc_chap2_pre4"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.4: Scanning for Write/eXecute flags for PT_LOAD and PT_GNU_STACK</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">scanelf -lpqe .</span>
</pre></td></tr>
</table>
<p class="secthead"><a name="doc_chap2_sect5">Using scanelf's Format Modifier Handler</a></p>
<p>
A useful feature of the <span class="code" dir="ltr">scanelf</span> utility is the format modifier handler.  
With this option you can control the output of <span class="code" dir="ltr">scanelf</span>, thereby 
simplifying parsing the output with scripts.
</p>
<p>
As an example, we will use <span class="code" dir="ltr">scanelf</span> to print the file names that contain
text relocations:
</p>
<a name="doc_chap2_pre5"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.5: Example of the scanelf format modifier handler</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
# <span class="code-input">scanelf -l -p -R -q -F "%F #t"</span>
</pre></td></tr>
</table>
<p class="chaphead"><a name="pspax"></a><a name="doc_chap3"></a><span class="chapnum">3.
            </span>Listing PaX Flags and Capabilities</p>
<p class="secthead"><a name="doc_chap3_sect1">About PaX</a></p>
<p>
<a href="http://pax.grsecurity.net">PaX</a> is a project hosted by the <a href="http://www.grsecurity.net">grsecurity</a> project. Quoting the <a href="http://pax.grsecurity.net/docs/pax.txt">PaX documentation</a>, its main 
goal is "to research various defense mechanisms against the exploitation of 
software bugs that give an attacker arbitrary read/write access to the 
attacked task's address space. This class of bugs contains among others 
various forms of buffer overflow bugs (be they stack or heap based), user
supplied format string bugs, etc."
</p>
<p>
To be able to benefit from these defense mechanisms, you need to run a Linux
kernel patched with the latest PaX code. The <a href="http://hardened.gentoo.org">Hardened Gentoo</a> project supports PaX and
its parent project, grsecurity. The supported kernel package is
<span class="code" dir="ltr">sys-kernel/hardened-sources</span>.
</p>
<p>
The Gentoo/Hardened project has a <a href="pax-quickstart.html">Gentoo PaX Quickstart Guide</a>
for your reading pleasure.
</p>
<p class="secthead"><a name="doc_chap3_sect2">Flags and Capabilities</a></p>
<p>
If your toolchain supports it, your binaries can have additional PaX flags in
their Program Header. The following flags are supported:
</p>
<table class="ntable">
<tr>
  <td class="infohead"><b>Flag</b></td>
  <td class="infohead"><b>Name</b></td>
  <td class="infohead"><b>Description</b></td>
</tr>
<tr>
  <td class="tableinfo">P</td>
  <td class="tableinfo">PAGEEXEC</td>
  <td class="tableinfo">
    Refuse code execution on writable pages based on the NX bit
    (or emulated NX bit)
  </td>
</tr>
<tr>
  <td class="tableinfo">S</td>
  <td class="tableinfo">SEGMEXEC</td>
  <td class="tableinfo">
    Refuse code execution on writable pages based on the
    segmentation logic of IA-32
  </td>
</tr>
<tr>
  <td class="tableinfo">E</td>
  <td class="tableinfo">EMUTRAMP</td>
  <td class="tableinfo">
    Allow known code execution sequences on writable pages that
    should not cause any harm
  </td>
</tr>
<tr>
  <td class="tableinfo">M</td>
  <td class="tableinfo">MPROTECT</td>
  <td class="tableinfo">
    Prevent the creation of new executable code to the process
    address space
  </td>
</tr>
<tr>
  <td class="tableinfo">R</td>
  <td class="tableinfo">RANDMMAP</td>
  <td class="tableinfo">
    Randomize the stack base to prevent certain stack overflow
    attacks from being successful
  </td>
</tr>
<tr>
  <td class="tableinfo">X</td>
  <td class="tableinfo">RANDEXEC</td>
  <td class="tableinfo">
    Randomize the address where the application maps to prevent
    certain attacks from being exploitable
  </td>
</tr>
</table>
<p>
The default Linux kernel also supports certain capabilities, grouped in the
so-called <span class="emphasis">POSIX.1e Capabilities</span>. You can find a listing of those
capabilities in our <a href="capabilities.html">POSIX Capabilities</a> document.
</p>
<p class="secthead"><a name="doc_chap3_sect3">Using pspax</a></p>
<p>
The <span class="code" dir="ltr">pspax</span> application, part of the <span class="code" dir="ltr">pax-utils</span> package, displays the
run-time capabilities of all programs you have permission for. On Linux kernels
with additional support for extended attributes (such as SELinux) those
attributes are shown as well.
</p>
<p>
When ran, <span class="code" dir="ltr">pspax</span> shows the following information:
</p>
<table class="ntable">
<tr>
  <td class="infohead"><b>Column</b></td>
  <td class="infohead"><b>Description</b></td>
</tr>
<tr>
  <td class="tableinfo">USER</td>
  <td class="tableinfo">Owner of the process</td>
</tr>
<tr>
  <td class="tableinfo">PID</td>
  <td class="tableinfo">Process id</td>
</tr>
<tr>
  <td class="tableinfo">PAX</td>
  <td class="tableinfo">Run-time PaX flags (if applicable)</td>
</tr>
<tr>
  <td class="tableinfo">MAPS</td>
  <td class="tableinfo">Write/eXecute markings for the process map</td>
</tr>
<tr>
  <td class="tableinfo">ELF_TYPE</td>
  <td class="tableinfo">Process executable type: ET_DYN or ET_EXEC</td>
</tr>
<tr>
  <td class="tableinfo">NAME</td>
  <td class="tableinfo">Name of the process</td>
</tr>
<tr>
  <td class="tableinfo">CAPS</td>
  <td class="tableinfo">POSIX.1e capabilities (see note)</td>
</tr>
<tr>
  <td class="tableinfo">ATTR</td>
  <td class="tableinfo">Extended attributes (if applicable)</td>
</tr>
</table>
<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>
<span class="code" dir="ltr">pspax</span> only displays these capabilities when it is linked with
the external capabilities library. This requires you to build <span class="code" dir="ltr">pax-utils</span>
with -DWANT_SYSCAP.
</p></td></tr></table>
<p>
By default, <span class="code" dir="ltr">pspax</span> does not show any kernel processes. If you want those
to be taken as well, use the <span class="code" dir="ltr">-a</span> switch.
</p>
<p class="chaphead"><a name="dumpelf"></a><a name="doc_chap4"></a><span class="chapnum">4.
            </span>Programming with ELF files</p>
<p class="secthead"><a name="doc_chap4_sect1">The dumpelf Utility</a></p>
<p>
With the <span class="code" dir="ltr">dumpelf</span> utility you can convert a ELF file into human readable C
code that defines a structure with the same image as the original ELF file.
</p>
<a name="doc_chap4_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing4.1: dumpelf example</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
$ <span class="code-input">dumpelf /bin/hostname</span>
#include &lt;elf.h&gt;

<span class="code-comment">/*
 * ELF dump of '/bin/hostname'
 *     10276 (0x2824) bytes
 */</span>

struct {
        Elf32_Ehdr ehdr;
        Elf32_Phdr phdrs[8];
        Elf32_Shdr shdrs[26];
} dumpedelf_0 = {

.ehdr = {
<span class="code-comment">(... Output stripped ...)</span>
</pre></td></tr>
</table>
<br><p class="copyright">
	The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
  </p>
<!--
  <rdf:RDF xmlns="http://web.resource.org/cc/"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  
  <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
    
     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
     <requires rdf:resource="http://web.resource.org/cc/Notice" />
     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
  </License>
  </rdf:RDF>
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="klondike?style=printable">Print</a></p></td></tr>
<tr><td class="topsep" align="center"><p class="alttext">Page updated February 19, 2012</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
This guide provides an introduction to revdep-pax and how to use it to propagate
the PaC markings caused by libraries requiring them, for example, libraries
requiring RWX memory in order to process JIT code.
</p></td></tr>
<tr><td align="left" class="topsep"><p class="alttext">
  <a href="mailto:klondike@gentoo.org" class="altlink"><b>Francisco Blas Izquierdo Riera</b></a>
<br><i>Author</i><br></p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
        </p>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
</form>
</td></tr>
<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
</table></td>
</tr></table></td></tr>
<tr><td colspan="2" align="right" class="infohead">
Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
</td></tr>
</table></body>
</html>