Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Operating Systems
101102103104105106107108109110
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man1/!!!intro.1
________________________________________________________________
___ ___
c
chatr(1) chatr(1)
this manual page.
The possible settings for executable_stack are as follows:
executable_stack = 0
A setting of 0 causes stacks to be non-executable and is strongly preferred from a security per-
spective.
executable_stack = 1 (default)
A setting of 1 (the default value) causes all program stacks to be executable, and is safest from a
compatibility perspective but is the least secure setting for this parameter.
executable_stack = 2
A setting of 2 is equivalent to a setting of 0, except that it gives non-fatal warnings instead of ter-
minating a process that is trying to execute from its stack. Using this setting is helpful for users
to gain confidence that using a value of 0 will not hurt their legitimate applications. Again, there
is less security protection.
The table below summarizes the results from using the possible combinations of chatr +es and
executable_stack when executing from the program’s stack. Running chatr +es disable
relies solely on the setting of the executable_stack
kernel tunable parameter when deciding whether
or not to grant execute permission for stacks and is equivalent to not having run
chatr +es on the
binary.
chatr +es executable_stack ACTION
enable 1 program runs normally
disable or chatr is not run 1 program runs normally
enable 0 program runs normally
disable or chatr is not run 0 program is killed
enable 2 program runs normally
disable or chatr is not run 2 program runs normally
with warning displayed
RETURN VALUE
chatr returns zero on success. If the command line contents is syntactically incorrect, or one or more of
the specified files cannot be acted upon, chatr returns information about the files whose attributes could
not be modified. If no files are specified, chatr returns decimal 255.
Illegal options
For PA32
chatr, if you use an illegal option, chatr returns the number of words in the command line.
For example,
chatr +b enable +xyz enable returns 5 (because of illegal option +xyz).
chatr +b enable +xyz enable +mno file1 file2 returns 8.
For PA64 chatr, if you use an illegal option, chatr returns the number of non-option words present
after the first illegal option.
chatr +b enable +xyz enable +mno enable +pqr enable file returns 4.
Invalid arguments
If you use an invalid argument with a valid option and you do not specify a filename, both PA32 and PA64
chatr return 0.
chatr +b <no argument> returns 0.
For PA32 chatr, if you specify a file name (regardless of whether or not the file exists), chatr returns
number of words in the command line.
chatr +b <no argument> file returns 4.
For PA64 chatr, if you specify a file name (regardless of whether or not the file exists), chatr returns
the number of files specified.
chatr +b <no argument> file1 file2 file3 returns 3.
HP-UX Release 11i: December 2000 5 Section 177
___
___