chatr_pa(1)chatr_pa(1)NAME
chatr_pa: chatr - change program's internal attributes on PA-RISC sys‐
tems
SYNOPSIS
PA-RISC 32-bit SOM chatr
library] mode] flag] flag] flag] flag] flag] size] size] flag] library]
flag] size] size] flag] flag] flag] flag] flag] flag] flag]
file ...
PA-RISC 64-bit ELF chatr
There are two possible syntactic forms that can be used to invoke PA-
RISC 64-bit
The first syntactic form, which is compatible with the SOM is used for
backward compatibility, and for easy manipulation of ordinary files
that only have a single text and a single data segment:
library] mode] flag] flag] flag] flag] flag] size] flag] library] flag]
flag] flag] size] size] flag] flag] flag] file ...
The second syntactic form provides the ability to explicitly specify
segments to be modified:
mode] flag] flag] flag] flag] size] flag] flag] index | address | ]
flag] file ...
Remarks
This manpage describes on PA-RISC systems. For on Integrity systems,
see chatr_ia(1).
DESCRIPTION
allows you to change a program's internal attributes for 32-bit mode
SOM and 64-bit mode ELF files.
Upon completion, prints the file's old and new values to standard out‐
put unless is specified.
The and options only provide a hint for the virtual memory page size.
The actual page sizes may vary. Under certain conditions, page size
hints of may result in better performance, depending on the specific
memory requirements of the application.
The performance of some applications may benefit from static branch
prediction, others may not. The option provides a hint for using or
avoiding this feature.
The and related options provide performance enhancements through use of
global symbol table which improves searching for exported symbols. See
dld.sl(5) and the for more information.
Common Options For PA-RISC 32-bit SOM And PA-RISC 64-bit ELF (FORMAT 1)
chatr
by default, prints each file's magic number and file attributes to the
standard output.
Indicate that the specified shared library
is subject to run-time path lookup if directory path
lists are provided (see and
Change file from demand-loaded to shared (Ignored in PA-RISC
64-bit FORMAT 1.)
Change file from shared to demand-loaded (Ignored in PA-RISC
64-bit FORMAT 1.)
Perform its operation silently.
(Available with the PA-RISC 64-bit FORMAT 2 command.)
Select run-time binding behavior mode of a program
using shared libraries. You must specify one of the
major binding modes or One or more of the binding modi‐
fiers or can also be specified, each with a separate
option. See the manual for a description of binding
modes. (Available with the PA-RISC 64-bit FORMAT 2 com‐
mand.)
Control whether the embedded path list
stored when the program (if any) was built can be used
to locate shared libraries needed by the program. The
two flag values, and respectively enable and disable use
of the embedded path list. However, you cannot use on
an ELF (PA-RISC 64-bit) file and a warning message is
issued. See the option. You can use the option to
enable the embedded path for filter libraries.
Controls the mapping of shared library text segments privately.
The flag values, and toggle the request on and off.
When enabled, this allows for mapping the text segments
of shared libraries in a private, writable region.
Also, you can use this feature on individual shared
libraries, which makes the text segment mapped private.
If contains the string "", all shared libraries are
mapped private. You can specify a colon-separated list
of shared library base names with this option, following
an equal character; for example:
When used with this allows text segments of shared
libraries to be merged.
Control the ability of user code to execute from stack with the
flag values, and See the section below for additional
information related to security issues.
Control whether the global symbol table hash mechanism is
used to look up values of symbol import/export entries.
The two flag values, and respectively enable and disable
use of the global symbol table hash mechanism. The
default is
Request a particular hash array
size using the global symbol table hash mechanism. The
value can vary between 1 and The default value is 1103.
Use this option with
Request kernel assisted branch prediction.
The flags and turn this request on and off, respec‐
tively. (Available with the PA-RISC 64-bit FORMAT 2
command.)
Indicate that the specified shared library
is not subject to run-time path lookup if directory path
lists are provided (see and
or the dynamic loader to automatically preload and also
maps shared libraries as private. The library is used
to support heap analysis through GDB.
Controls the shared library segment merging feature.
The flag values, and toggle this request ON and OFF.
See the description of shared library segment merging in
the When enabled, all the data segments of the shared
libraries loaded at program startup are merged. This
increases run-time performance by allowing the kernel to
use larger size page table entries.
Request a particular virtual memory page size that
should be used for data. Sizes of and are supported. A
size of will result in using the largest page size
available. The actual page size may vary if the
requested size cannot be fulfilled.
Request a particular virtual memory page size that
should be used for instructions. See the option for
additional information.
Request static branch prediction when executing this
program. The flags and turn this request on and off,
respectively. (Available with the PA-RISC 64-bit FORMAT
2 command.)
This is an to the option.
Control whether the directory path list specified with the
environment variable can be used to locate shared
libraries needed by the program. The two flag values,
and respectively enable and disable use of the environ‐
ment variable. If both and are used, their relative
order on the command line indicates which path list will
be searched first. See the option. (Available with the
PA-RISC 64-bit FORMAT 2 command.)
Enable lazy swap on all data segments (using PA-RISC 32-bit
or PA-RISC 64-bit FORMAT 1) or on a specific segment
(using PA-RISC 64-bit ELF FORMAT 2). May not be used
with non-data segments.
Enable null pointer dereference trap.
Run-time dereference of null pointers will produce a
SIGSEGV signal. (This is the complement of the option.)
Disable null pointer dereference trap.
(This is the complement of the option.)
Options For PA-RISC 32-bit SOM chatr Only
Change file from to (This option is an interim solution
until 64-bit addressability is available with a
true 64-bit kernel. See and below.)
Change file from to (This option is an interim solution
until 64-bit addressability is available with a
true 64-bit kernel. See below.)
Request a particular number of buckets per entry
using the global symbol table hash mechanism.
The value can vary between 1 and The default
value is 3. Use this option with
Control the use of the plabel caching mechanism.
The flags and turn this request on and off,
respectively. The default is Use this option
with
This option is effective with C++. In C++ appli‐
cations, the dynamic loader needs to repetitively
access PLABEL information (import stub). In
order to make this access faster, the dynamic
loader uses the global symbol table structure to
also contain PLABEL entries. This behavior is
enabled when the PLABEL_CACHE flag is set in the
structure (enabled or
Control the flag bit setting to indicate how 32-bit processes
use the
third quadrant as data space.
The flag sets the flag bit to indicate that
32-bit processes use the third quadrant as a pri‐
vate data space. By setting the bit, the private
data space increases from 1.9GB to 2.85GB for
32-bit processes.
The flag unsets the bit, which returns the third
quadrant to the default state, in which it is
used for shared memory.
This flag mechanism differs from how to set usage
for the first and second quadrants. Set these
values by using the magic number of the exe‐
cutable. (See the and options.)
See the section below for more details and com‐
patibility issues.
Control the flag bit setting to indicate how 32-bit processes
use the
third and fourth quadrant as data space.
The flag sets the flag bit to indicate that
32-bit processes use the fourth quadrant as a
private data space. By setting the flag bit, the
private data space increases from 1.9GB to 3.8GB
for 32-bit processes. When you set the fourth
quadrant for private data space, the third quad‐
rant is automatically set for use as private data
space, ignoring the current value.
The flag unsets the flag bit, which returns the
fourth quadrant to the default state, in which it
is used for shared memory. With the value of the
flag controls whether the third quadrant is used
as a private data space or for shared memory.
This flag mechanism differs from how to set usage
for the first and second quadrants. Set these
values by using the magic number of the exe‐
cutable. (See the and options.)
See the section below for more details and com‐
patibility issues.
Options For PA-RISC 64-bit ELF chatr
PA-RISC 64-bit ELF is similar to SOM but supports new options
(and obsoletes others).
New options:
Set the code bit for the file's data segment(s).
Set the code bit for the file's text segments(s).
Set the modification bit for the file's data segment(s).
Set the modification bit for the file's text segment(s).
With common options: mode, flag, flag, flag, flag.
Set the code bit for a specified segment.
Enable or disable lazy swap allocation for dynamically allocated
segments (such as the stack or heap).
Set the modification bit for a specified segment.
Set the page size for a specified segment.
Specify a segment using an address for a set of attribute
modifications.
Use all segments in the file for a set of attribute modifica‐
tions.
Specify a segment using a segment index number for a set of
attribute modifications.
chatr and MAGIC Numbers
The term applies to the magic number while the term applies to
the magic number See magic(4) and the for more information.
labels the following type of executables in output.
shared executable
demand load executable
normal executable
normal executable
The linker produces executables by default.
Using SHMEM_MAGIC
is an interim solution until 64-bit addressability is available
with a true 64-bit kernel.
will not be supported on future HP implementations of 64-bit
architectures (beyond PA-RISC 2.0). Programs that need larger
than 1.75 GB of shared memory on those architectures will have
to be recompiled (as 64-bit executables) for those architec‐
tures.
Programs that are compiled as 64-bit executables on any 64-bit
HP implementation (including PA-RISC 2.0) cannot be marked as
nor do they need to be as they will already have access to more
than 1.75 GB of shared memory.
The additional 1 GB of shared memory that is available over
other types of executables can be availed of only for system V
shared memory and not other forms of shared memory (like memory
mapped files).
Large Private Data Space
Starting from the 11i release of HP-UX, an additional 1 to 2GB
of private address space is made available for 32-bit programs
(if enabled on a per process basis), at the expense of shared
memory address space. This change increases the amount of pri‐
vate data space available for a process.
Two new options, and have been added to the command that allow
the user to control whether the 3rd quadrant (the 1GB of address
space from 0x80000000-0xBFFFFFFF) and the 4th quadrant (the 1GB
of address space from 0xC0000000-0xFFFFFFFF) of a process are
part of the processes private address space or are shared with
other running processes. Previously, the 3rd and 4th quadrants
were dedicated for shared object usage. For example, System V
shared memory and memory mapped files using a shared mapping
In order to use this new feature, the maxdsiz kernel config‐
urable variable will need to be increased appropriately; see
maxdsiz(5). Also, the system will have to enable enough swap
space to support processes with large private address spaces.
Compatibility issues
Processes that enable a private 3rd quadrant processes) will
reduce the amount of address space available for shared objects
by 1GB. Also, processes will not be able to share objects that
were created by another, process, even in the 4th quadrant,
unless those objects were created by the process using the flag
(System V shared memory) or If recompiling is not an option, it
will be necessary to make all processes that share objects with
the process into processes
Processes that enable a private 4th quadrant processes) will
have no address space available for shared objects. This means
that the process will not be able to use System V shared memory,
shared mapped files, etc. Shared libraries will still work,
although the kernel will map them as private. Note that a
process implies that the 3rd quadrant is private also. In other
words, the kernel will not execute a process that only enables a
private 4th quadrant.
Because the system call gateway page has to remain at address
0xC0000000 for binary compatibility reasons, the data segment
cannot be extended past the beginning of the 4th quadrant.
Therefore, the and system calls will only allow the data segment
to be expanded up to that address.
To take advantage of private address space in the 4th quadrant,
memory will need to be allocated using the system call with the
option. The system call has been modified to do this automati‐
cally. No re-link will be necessary to take advantage of the
new for a program that uses a shared version of the C library.
A program that was linked with a non-shared library version of
the C library, however, will need to be re-linked.
These changes have no compatibility impacts if the feature is
not enabled.
This feature can only be enabled for 32-bit programs running on
the 64-bit version of HP-UX. The 32-bit version of HP-UX will
silently ignore the request for a private 3rd or 4th quadrant.
Restricting Execute Permission on Stacks
A frequent or common method of breaking into systems is by mali‐
ciously overflowing buffers on a program's stack, such as pass‐
ing unusually long, carefully chosen command line arguments to a
privileged program that does not expect them. Malicious unpriv‐
ileged users can use this technique to trick a privileged pro‐
gram into starting a superuser shell for them, or to perform
similar unauthorized actions.
One simple yet highly effective way to reduce the risk from this
type of attack is to remove the execute permission from a pro‐
gram's stack pages. This improves system security without sac‐
rificing performance and has no negative effects on the vast
majority of legitimate applications. The changes described in
this section only affect the very small number of programs that
try to execute (or are tricked into executing) instructions
located on the program's stack(s).
If the stack protection feature described in this section is
enabled for a program and that program attempts to execute code
from its stack(s), the HP-UX kernel will terminate the program
with a signal, display a message referring to this manual page
section, and log an error message to the system message log (use
to view the error message). The message logged by the kernel
is:
If you see one of these messages, check with the program's owner
to determine whether this program is legitimately executing code
from its stack. If it is, you can use one or both of the meth‐
ods described below to make the program functional again. If
the program is not legitimately executing code from its stack,
you should suspect malicious activity and take appropriate
action.
HP-UX provides two options to permit legitimate execution from a
program's stack(s). Combinations of these two options help make
site-specific tradeoffs between security and compatibility.
The first method is the use of the option of and affects indi‐
vidual programs. It is typically used to specify that a partic‐
ular binary must be able to execute from its stack, regardless
of the system default setting. This allows a restrictive system
default while not preventing legitimate programs from executing
code on their stack(s). Ideally this option should be set (if
needed) by the program's provider, to minimize the need for man‐
ual intervention by whomever installs the program.
An alternate method is setting the kernel tunable parameter, to
set a system-wide default for whether stacks are executable.
Setting the parameter to 1 (one) with (see sam(1M)) tells the
HP-UX kernel not to execute protect program stack(s). This is
the preferred setting if compatibility with older releases is
more important than security. Setting it to a 0 (zero) is
appropriate if security is more important than compatibility.
This is the recommended setting, because it significantly
improves system security with minimal, if any, negative effects
on legitimate applications.
Combinations of these settings may be appropriate for many
applications. For example, after setting to 0, you may find
that one or two critical applications no longer work because
they have a legitimate need to execute from their stack(s).
Programs such as simulators or interpreters that use self-modi‐
fying code are examples you might encounter. To obtain the
security benefits of a restrictive system default while still
letting these specific applications run correctly, set to 0, and
run on the specific binaries that need to execute code from
their stack(s). These binaries can be easily identified when
they are executed, because they will print error messages refer‐
ring to this manual page.
The possible settings for are as follows:
A setting of 0 (the default value) causes stacks to be non-
executable
and is strongly preferred from a security perspec‐
tive.
A setting of 1
causes all program stacks to be executable, and is
safest from a compatibility perspective but is the
least secure setting for this parameter.
A setting of 2
is equivalent to a setting of 0, except that it
gives non-fatal warnings instead of terminating a
process that is trying to execute from its stack.
Using this setting is helpful for users to gain con‐
fidence that using a value of 0 will not hurt their
legitimate applications. Again, there is less secu‐
rity protection.
The table below summarizes the results from using the possible
combinations of and when executing from the program's stack.
Running relies solely on the setting of the kernel tunable
parameter when deciding whether or not to grant execute permis‐
sion for stacks and is equivalent to not having run on the
binary.
chatr +es executable_stack ACTION
────────────────────────────────────────────────────────────────────────
enable 1 program runs normally
disable or chatr is not run 1 program runs normally
────────────────────────────────────────────────────────────────────────
enable 0 program runs normally
disable or chatr is not run 0 program is killed
────────────────────────────────────────────────────────────────────────
enable 2 program runs normally
disable or chatr is not run 2 program runs normally
with warning displayed
RETURN VALUE
returns zero on success. If the command line contents is syn‐
tactically incorrect, or one or more of the specified files can‐
not be acted upon, returns information about the files whose
attributes could not be modified. If no files are specified,
returns decimal 255.
Illegal options
For PA-RISC 32-bit if you use an illegal option, returns the
number of words in the command line. For example,
returns 5 (because of illegal option
returns 8.
For PA-RISC 64-bit if you use an illegal option, returns the
number of non-option words present after the first illegal
option.
returns 4.
Invalid arguments
If you use an invalid argument with a valid option and you do
not specify a file name, both PA-RISC 32-bit and 64-bit return
0.
returns 0.
For PA-RISC 32-bit if you specify a file name (regardless of
whether or not the file exists), returns number of words in the
command line.
returns 4.
For PA-RISC 64-bit if you specify a file name (regardless of
whether or not the file exists), returns the number of files
specified.
returns 3.
Invalid files
For both PA-RISC 32-bit and 64-bit if the command cannot act on
any of the files given, it returns the total number of files
specified (if some option is specified). Otherwise it returns
the number of files upon which it could not act.
(where does not have read/write permission) returns 4.
returns 1.
EXTERNAL INFLUENCES
Environment Variables
The following internationalization variables affect the execu‐
tion of
Determines the locale category for native language, local cus‐
toms and
coded character set in the absence of and
other environment variables. If is not speci‐
fied or is set to the empty string, a default
of (see lang(5)) is used instead of
Determines the values for all locale categories and has prece‐
dence over
and other environment variables.
Determines the locale category for character handling functions.
Determines the locale that should be used to affect the format
and contents of diagnostic messages written to
standard error.
Determines the locale category for numeric formatting.
Determines the location of message catalogues for the processing
of
If any internationalization variable contains an invalid set‐
ting, behaves as if all internationalization variables are set
to See environ(5).
In addition, the following environment variable affects
Specifies a directory
for temporary files (see tmpnam(3S)).
EXAMPLES
Change to demand-loaded
Change binding mode of program file that uses shared libraries
to immediate and nonfatal. Also enable usage of environment
variable:
Disallow run-time path lookup for the shared library that the
shared library depends on:
Given segment index number 5 from a previous run of change the
page size to 4 kilobytes:
AUTHOR
was developed by HP.
SEE ALSO
System Tools
ld(1) invoke the link editor
Miscellaneous
a.out(4) assembler, compiler, and linker output
magic(4) magic number for HP-UX implementations
sam(1M) system administration manager
executable_stack(5) controls whether program stacks are exe‐
cutable by default
Texts and Tutorials
(See the option)
(See manuals(5) for ordering information)
PA-RISC Systems Only chatr_pa(1)
