HP-UX Reference (11i v2 03/08) - 1 User Commands A-M (vol 1)
chatr(1) chatr(1)
+p size (Format 2 only.) Set the page size for a specified segment.
+pd size Request a particular virtual memory page size that should be used for data. Sizes of 4K, 16K,
64K, 256K, 1M, 4M, 16M, 64M, 256M, 1G, 4G, D, and L are supported. A size of D results in using the
default page size. A size of L results in using the largest page size available. The actual page size
may vary if the requested size cannot be fulfilled.
+pi size Request a particular virtual memory page size that should be used for text (instructions).
See the +pd option for additional information.
+r flag Request static branch prediction when executing this program. The flags enable and disable
turn this request on and off, respectively. If this is enabled, it is denoted by the r flag for the
segment listing in the chatr output.
+s flag Control whether the directory path list specified with the LD_LIBRARY_PATH and SHLIB_PATH
environment variables can be used to locate shared libraries needed by the program. The two flag
values, enable and disable, respectively enable and disable use of the environment variables. If both
+s and +b are used, their relative order on the command line indicates which path list will be
searched first. See the +b option.
+sa address (Format 2 only.) Specify a segment using an address for a set of attribute modifications.
+sall (Format 2 only.) Use all segments in the file for a set of attribute modifications.
+si index (Format 2 only.) Specify a segment using a segment index number for a set of attribute
modifications.
+z flag Enable or disable lazy swap on all data segments (using Format 1) or on a specific segment
(using Format 2). The flags enable and disable turn this request on or off, respectively. May not be
used with non-data segments.
+I flag Enable or disable dynamic instrumentation by /opt/langtools/bin/caliper. If enabled, the
dynamic loader (see dld.so(5)) will automatically invoke caliper upon program execution to collect
profile information.
Restricting Execute Permission on Stacks
A common method of breaking into systems is maliciously overflowing buffers on a program’s stack, for
example by passing unusually long, carefully chosen command line arguments to a privileged program
that does not expect them. Malicious unprivileged users can use this technique to trick a privileged
program into starting a superuser shell for them, or to perform similar unauthorized actions.
One simple yet highly effective way to reduce the risk from this type of attack is to remove the execute
permission from a program’s stack pages. This improves system security without sacrificing performance
and has no negative effects on the vast majority of legitimate applications. The changes described in this
section only affect the very small number of programs that try to execute (or are tricked into executing)
instructions located on the program’s stack(s).
If the stack protection feature described in this section is enabled for a program and that program
attempts to execute code from its stack(s), the HP-UX kernel will terminate the program with a SIGKILL
signal, display a message referring to this manual page section, and log an error message to the system
message log (use dmesg to view the error message). The message logged by the kernel is:
    WARNING: UID # may have attempted a buffer overflow attack. PID #
    (program_name) has been terminated. See the ’+es enable’ option of
    chatr(1).
If you see one of these messages, check with the program’s owner to determine whether this program is
legitimately executing code from its stack. If it is, you can use one or both of the methods described below
to make the program functional again. If the program is not legitimately executing code from its stack,
you should suspect malicious activity and take appropriate action.
HP-UX provides two options to permit legitimate execution from a program’s stack(s). Combinations of
these two options help make site-specific tradeoffs between security and compatibility.
The first method is the use of the +es option of chatr and affects individual programs. It is typically
used to specify that a particular binary must be able to execute from its stack, regardless of the system
default setting. This allows a restrictive system default while not preventing legitimate programs from
executing code on their stack(s). Ideally this option should be set (if needed) by the program’s provider, to
minimize the need for manual intervention by whomever installs the program.
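As an added example (not part of this manual page), the following POSIX shell functions scan kernel log lines for the warning quoted above and extract the UID, PID and program name, so an administrator can follow up with the program’s owner as described. The log lines are constructed for the example, and the pattern assumes each warning occupies a single log line; on a real system, pipe the output of dmesg into scan_stack_exec_warnings instead.

```shell
# Constructed sample of kernel log lines (not real HP-UX output); the two
# WARNING lines follow the message format documented for the +es feature.
sample_log() {
    cat <<'EOF'
vmunix: WARNING: UID 1042 may have attempted a buffer overflow attack. PID 2231 (srv_daemon) has been terminated. See the '+es enable' option of chatr(1).
vmunix: NFS server ok
vmunix: WARNING: UID 0 may have attempted a buffer overflow attack. PID 987 (legacy_jit) has been terminated. See the '+es enable' option of chatr(1).
EOF
}

# Read log lines on stdin; print "uid pid program" for each stack-execution
# warning and nothing for unrelated lines (sed -n prints only on a match).
scan_stack_exec_warnings() {
    sed -n 's/.*WARNING: UID \([0-9][0-9]*\) may have attempted a buffer overflow attack\. PID \([0-9][0-9]*\) (\([^)]*\)) has been terminated.*/\1 \2 \3/p'
}

# Number of warnings seen; a monitoring job can alert when this is non-zero.
count_stack_exec_warnings() {
    scan_stack_exec_warnings | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample; replace with: dmesg | scan_stack_exec_warnings
sample_log | scan_stack_exec_warnings
```

Each reported program should be checked with its owner; only if it legitimately executes from its stack is re-enabling execution with the +es option (or the system default) the right response.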
HP-UX 11i Version 2: August 2003 − 3 − Hewlett-Packard Company Section 1−−77