HP-UX Reference (11i v2 04/09) - 1 User Commands A-M (vol 1)

chatr_pa(1) chatr_pa(1)
(For PA-RISC Systems)
+p Set the page size for a specified segment.
+sa Specify a segment using an address for a set of attribute modifications.
+sall Use all segments in the file for a set of attribute modifications.
+si Specify a segment using a segment index number for a set of attribute modifications.
chatr and MAGIC Numbers
The term shared applies to the magic number SHARE_MAGIC, while the term demand-loaded applies to the
magic number DEMAND_MAGIC. See magic(4) and the HP-UX Linker and Libraries Online User Guide for
more information.
chatr labels the following types of executables in its output:
SHARE_MAGIC: shared executable
DEMAND_MAGIC: demand load executable
EXEC_MAGIC: normal executable
SHMEM_MAGIC: normal SHMEM_MAGIC executable
The linker produces SHARE_MAGIC executables by default.
Using SHMEM_MAGIC
SHMEM_MAGIC is an interim solution until 64-bit addressability is available with a true 64-bit kernel.
SHMEM_MAGIC will not be supported on future HP implementations of 64-bit architectures (beyond
PA-RISC 2.0). Programs that need more than 1.75 GB of shared memory on those architectures will have
to be recompiled (as 64-bit executables) for those architectures.
Programs that are compiled as 64-bit executables on any 64-bit HP implementation (including PA-RISC
2.0) cannot be marked as SHMEM_MAGIC, nor do they need to be, as they already have access to more
than 1.75 GB of shared memory.
The additional 1 GB of shared memory that SHMEM_MAGIC executables gain over other types of
executables is available only for System V shared memory and not for other forms of shared memory
(such as memory-mapped files).
Restricting Execute Permission on Stacks
A common method of breaking into systems is to maliciously overflow buffers on a program's stack, for
example by passing unusually long, carefully chosen command line arguments to a privileged program
that does not expect them. Malicious unprivileged users can use this technique to trick a privileged
program into starting a superuser shell for them, or to perform similar unauthorized actions.
One simple yet highly effective way to reduce the risk from this type of attack is to remove the execute
permission from a program’s stack pages. This improves system security without sacrificing performance
and has no negative effects on the vast majority of legitimate applications. The changes described in this
section only affect the very small number of programs that try to execute (or are tricked into executing)
instructions located on the program’s stack(s).
If the stack protection feature described in this section is enabled for a program and that program
attempts to execute code from its stack(s), the HP-UX kernel will terminate the program with a SIGKILL
signal, display a message referring to this manual page section, and log an error message to the system
message log (use dmesg to view the error message). The message logged by the kernel is:
WARNING: UID # may have attempted a buffer overflow attack. PID #
(program_name) has been terminated. See the '+es enable' option of
chatr(1).
If you see one of these messages, check with the program’s owner to determine whether this program is
legitimately executing code from its stack. If it is, you can use one or both of the methods described below
to make the program functional again. If the program is not legitimately executing code from its stack,
you should suspect malicious activity and take appropriate action.
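As an added example (not part of the chatr_pa(1) manual page), the following POSIX shell helpers show how an administrator can triage the kernel warning above: one function extracts the UID, PID and program name from system log text, the other reads the "executable from stack" attribute from a chatr(1) listing so the reported binary can be checked against its marking. The log lines, host name, UIDs, PIDs, program names and the chatr listing are all constructed samples, and the listing layout is assumed from typical PA-RISC chatr output; the kernel is assumed to write the warning on a single log line (the manual page wraps it for display).

```shell
#!/bin/sh
# Added example, not code from the HP-UX manual page.

# Constructed sample of system log text. Host, UIDs, PIDs and program names are
# made up; the warning text itself is the one documented in chatr_pa(1).
SAMPLE_LOG=$(cat <<'EOF'
Jan 12 10:01:33 hosta vmunix: NFS server hostb ok
Jan 12 10:01:40 hosta vmunix: WARNING: UID 1042 may have attempted a buffer overflow attack. PID 28113 (myprog) has been terminated. See the '+es enable' option of chatr(1).
Jan 12 10:02:05 hosta vmunix: WARNING: UID 0 may have attempted a buffer overflow attack. PID 28201 (legacy_jit) has been terminated. See the '+es enable' option of chatr(1).
EOF
)

# Constructed sample of the attribute listing printed by `chatr /opt/app/bin/myprog`
# on PA-RISC (layout assumed); only the lines relevant here are included.
SAMPLE_CHATR=$(cat <<'EOF'
/opt/app/bin/myprog:
         shared executable
         shared library binding:
             deferred
         executable from stack: D (default)
         data page size: D (default)
EOF
)

# extract_overflow_warnings: read log text on stdin and print one line per
# kernel stack-execution warning as "UID PID program", so the result can be
# compared against the list of programs the site has deliberately marked
# with '+es enable'.
extract_overflow_warnings() {
    sed -n 's/.*WARNING: UID \([0-9][0-9]*\) may have attempted a buffer overflow attack\. PID \([0-9][0-9]*\) (\([^)]*\)) has been terminated.*/\1 \2 \3/p'
}

# stack_exec_setting: read chatr(1) output on stdin and print the value of the
# "executable from stack" attribute (for example "D (default)" or "enabled").
stack_exec_setting() {
    sed -n 's/^[[:space:]]*executable from stack:[[:space:]]*//p'
}

# Stand-alone run: list the warnings found in the sample log, then show the
# attribute reported for the sample binary.
printf '%s\n' "$SAMPLE_LOG" | extract_overflow_warnings
printf '%s\n' "$SAMPLE_CHATR" | stack_exec_setting

# If the owner confirms the program legitimately executes from its stack, the
# per-program remedy named in the kernel message is (from the manual page):
#   chatr +es enable /opt/app/bin/myprog
```

A program that was killed but whose listing shows "D (default)" or "disabled" has not been marked, which is the case the manual page says to verify with the program's owner before treating it as suspect activity.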
HP-UX provides two options to permit legitimate execution from a program's stack(s). Combinations of
these two options help make site-specific tradeoffs between security and compatibility.
The first method is the use of the +es option of chatr and affects individual programs. It is typically
used to specify that a particular binary must be able to execute from its stack, regardless of the system
default setting. This allows a restrictive system default while not preventing legitimate programs from
HP-UX 11i Version 2: September 2004 − 4 − Hewlett-Packard Company Section 1−−95