unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 chatr(1)							    chatr(1)




 NAME
      chatr - change program's internal attributes

 SYNOPSIS
    PA32 SOM chatr
      chatr [-nqsMN] [-l library] [-B mode] [+b flag] [+es flag] [+gst flag]
	   [+gstbuckets size] [+gstsize size] [+k flag] [+l library]
	   [+pd size] [+pi size] [+plabel_cache flag] [+q3p flag] [+q4p flag]
	   [+r flag] [+s flag] [+z flag] file ...

    PA64 ELF chatr
      There are two possible syntactic forms that can be used to invoke PA64
      chatr.

      FORMAT 1: The first syntactic form, which is compatible with the SOM
      chatr, is used for backward compatibility, and for easy manipulation of
      ordinary files that only have a single text and a single data segment:

      chatr [-nqs] [-l library] [-B mode] [+b flag] [+cd flag] [+ci flag]
	   [+es flag] [+gst flag] [+gstsize size] [+k flag] [+l library]
	   [+md flag] [+mi flag] [+pd size] [+pi size] [+s flag] [+z flag]
	   file ...

      FORMAT 2: The second syntactic form provides the ability to explicitly
      specify segments to be modified:

      chatr [-s] [-B mode] [+c flag] [+dz flag] [+k flag] [+m flag] [+p size]
	   [+r flag] [+s flag] [+si index | +sa address | +sall ] [+z flag]
	   file ...

 DESCRIPTION
      chatr allows you to change a program's internal attributes for 32-bit
      mode SOM and 64-bit mode ELF files.

      Upon completion, chatr prints the file's old and new values to
      standard output unless -s is specified.

      The +pd and +pi options only provide a hint for the virtual memory
      page size.  The actual page sizes may vary.  Under certain conditions,
      page size hints of L may result in better performance, depending on
      the specific memory requirements of the application.

      The performance of some applications may benefit from static branch
      prediction, others may not.  The +r option provides a hint for using
      or avoiding this feature.

      The +gst and related options provide performance enhancements through
      use of global symbol table which improves searching for exported
      symbols.	See dld.sl(5) and the HP-UX Linker and Libraries Online User
      Guide for more information.




 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




    COMMON OPTIONS FOR PA32 SOM AND PA64 ELF (FORMAT 1) chatr
      chatr, by default, prints each file's magic number and file attributes
      to the standard output.

      -l library     Indicate that the specified shared library is subject
		     to run-time path lookup if directory path lists are
		     provided (see +s and +b).

      -n	     Change file from demand-loaded (DEMAND_MAGIC) to shared
		     (SHARE_MAGIC) (Ignored in PA64 FORMAT 1.)

      -q	     Change file from shared (SHARE_MAGIC) to demand-loaded
		     (DEMAND_MAGIC).  (Ignored in PA64 FORMAT 1.)

      -s	     Perform its operation silently.  (Available with the
		     PA64 FORMAT 2 command.)

      -B mode	     Select run-time binding behavior mode of a program
		     using shared libraries.  You must specify one of the
		     major binding modes immediate or deferred.	 One or more
		     of the binding modifiers nonfatal, verbose, or
		     restricted can also be specified, each with a separate
		     option.  See the HP-UX Linker and Libraries User's
		     Guide manual for a description of binding modes.
		     (Available with the PA64 FORMAT 2 command.)

      +b flag	     Control whether the embedded path list stored when the
		     program (if any) was built can be used to locate shared
		     libraries needed by the program.  The two flag values,
		     enable and disable, respectively enable and disable use
		     of the embedded path list.	 See the +s option.  You can
		     use the +b option to enable the embedded path for
		     filter libraries.

      +es flag	     Control the ability of user code to execute from stack
		     with the flag values, enable and disable.	See the
		     Restricting Execute Permission on Stacks section below
		     for additional information related to security issues.

      +gst flag	     Control whether the global symbol table hash mechanism
		     is used to look up values of symbol import/export
		     entries. The two flag values, enable and disable,
		     respectively enable and disable use of the global
		     symbol table hash mechanism.  The default is disable.

      +gstsize size  Request a particular hash array size using the global
		     symbol table hash mechanism.  The value can vary
		     between 1 and MAXINT.  The default value is 1103.	Use
		     this option with +gst enable.





 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      +k flag	     Request kernel assisted branch prediction.	 The flags
		     enable and disable turn this request on and off,
		     respectively.  (Available with the PA64 FORMAT 2
		     command.)

      +l library     Indicate that the specified shared library is not
		     subject to run-time path lookup if directory path lists
		     are provided (see +s and +b).

      +pd size	     Request a particular virtual memory page size that
		     should be used for data.  Sizes of 4K, 16K, 64K, 256K,
		     1M, 4M, 16M, 64M, 256M, and L are supported.  A size of
		     L will result in using the largest page size available.
		     The actual page size may vary if the requested size
		     cannot be fulfilled.

      +pi size	     Request a particular virtual memory page size that
		     should be used for instructions.  See the +pd option
		     for additional information.

      +r flag	     Request static branch prediction when executing this
		     program.  The flags enable and disable turn this
		     request on and off, respectively.	(Available with the
		     PA64 FORMAT 2 command.)

      +s flag	     Control whether the directory path list specified with
		     the SHLIB_PATH environment variable can be used to
		     locate shared libraries needed by the program.  The two
		     flag values, enable and disable, respectively enable
		     and disable use of the environment variable.  If both
		     +s and +b are used, their relative order on the command
		     line indicates which path list will be searched first.
		     See the +b option.	 (Available with the PA64 FORMAT 2
		     command.)

      +z	     Enable lazy swap on all data segments (using PA32 chatr
		     or PA64 chatr FORMAT 1) or on a specific segment (using
		     PA64 ELF chatr FORMAT 2).	May not be used with non-
		     data segments.

    OPTIONS FOR PA32 SOM chatr ONLY
      -M	     Change file from EXEC_MAGIC to SHMEM_MAGIC.  (This
		     option is an interim solution until 64-bit
		     addressability is available with a true 64-bit kernel.
		     See the "chatr and MAGIC Numbers" and "Using
		     SHMEM_MAGIC" sections below.)

      -N	     Change file from SHMEM_MAGIC to EXEC_MAGIC.  (This
		     option is an interim solution until 64-bit
		     addressability is available with a true 64-bit kernel.
		     See the "chatr and MAGIC Numbers" and "Using



 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




		     SHMEM_MAGIC" sections below.)

      +gstbuckets size
		     Request a particular number of buckets per entry using
		     the global symbol table hash mechanism.  The value can
		     vary between 1 and MAXINT.	 The default value is 3.
		     Use this option with +gst enable.

      +plabel_cache flag
		     Control the use of the plabel caching mechanism.  The
		     flags enable and disable turn this request on and off,
		     respectively.  The default is disable.  Use this option
		     with +gst enable.

		     This option is effective with C++.	 In C++
		     applications, the dynamic loader needs to repetitively
		     access PLABEL information (import stub). In order to
		     make this access faster, the dynamic loader uses the
		     global symbol table structure to also contain PLABEL
		     entries. This behavior is enabled when the PLABEL_CACHE
		     flag is set in the dl_header structure (enabled ld
		     +plabel_cache enable a.out or chatr +plabel_cache
		     enable a.out).

      +q3p flag	     Control the flag bit setting to indicate how 32-bit
		     processes use the third quadrant as data space.

		     The enable flag sets the flag bit to indicate that 32-
		     bit processes use the third quadrant as a private data
		     space.  By setting the bit, the private data space
		     increases from 1.9GB to 2.85GB for 32-bit processes.

		     The disable flag unsets the bit, which returns the
		     third quadrant to the default state, in which it is
		     used for shared memory.

		     This flag mechanism differs from how to set usage for
		     the first and second quadrants.  Set these values by
		     using the magic number of the executable.	(See the -M
		     and -N options.)

      +q4p flag	     Control the flag bit setting to indicate how 32-bit
		     processes use the third and fourth quadrant as data
		     space.

		     The enable flag sets the flag bit to indicate that 32-
		     bit processes use the fourth quadrant as a private data
		     space.  By setting the +q4p flag bit, the private data
		     space increases from 1.9GB to 3.8GB for 32-bit
		     processes.	 When you set the fourth quadrant for
		     private data space, the third quadrant is automatically



 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




		     set for use as private data space, ignoring the current
		     +q3p value.

		     The disable flag unsets the flag bit, which returns the
		     fourth quadrant to the default state, in which it is
		     used for shared memory.  With +q4p disable, the value
		     of the +q3p flag controls whether the third quadrant is
		     used as a private data space or for shared memory.

		     This flag mechanism differs from how to set usage for
		     the first and second quadrants.  Set these values by
		     using the magic number of the executable.	(See the -M
		     and -N options.)

    OPTIONS FOR PA64 ELF chatr
      PA64 ELF chatr is similar to SOM chatr but supports new options (and
      obsoletes others).

      New options:

      OPTIONS FOR PA64 ELF chatr (FORMAT 1)

      +cd	     Set the code bit for the file's data segment(s).

      +ci	     Set the code bit for the file's text segments(s).

      +md	     Set the modification bit for the file's data
		     segment(s).

      +mi	     Set the modification bit for the file's text
		     segment(s).

      OPTIONS FOR PA64 ELF chatr (FORMAT 2)

      With common options: -s, -B mode, +k flag, +r flag, +s flag, +z flag.

      +c	     Set the code bit for a specified segment.

      +dz	     Enable or disable lazy swap allocation for dynamically
		     allocated segments (such as the stack or heap).

      +m	     Set the modification bit for a specified segment.

      +p	     Set the page size for a specified segment.

      +sa	     Specify a segment using an address for a set of
		     attribute modifications.

      +sall	     Use all segments in the file for a set of attribute
		     modifications.




 Hewlett-Packard Company	    - 5 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      +si	     Specify a segment using a segment index number for a
		     set of attribute modifications.

    chatr and MAGIC Numbers
      The term shared applies to the magic number SHARE_MAGIC while the term
      demand-loaded applies to the magic number DEMAND_MAGIC.  See magic(4)
      and the HP-UX Linker and Libraries Online User Guide for more
      information.

      chatr labels the following type of executables in output.

	   SHARE_MAGIC:	       shared executable

	   DEMAND_MAGIC:       demand load executable

	   EXEC_MAGIC:	       normal executable

	   SHMEM_MAGIC:	       normal SHMEM_MAGIC executable

      The linker produces SHARE_MAGIC executables by default.

    Using SHMEM_MAGIC
      SHMEM_MAGIC is an interim solution until 64-bit addressability is
      available with a true 64-bit kernel.

      SHMEM_MAGIC will not be supported on future HP implementations of 64-
      bit architectures (beyond PA2.0).	 Programs that need larger than 1.75
      GB of shared memory on those architectures will have to be recompiled
      (as 64-bit executables) for those architectures.

      Programs that are compiled as 64-bit executables on any 64-bit HP
      implementation (including PA 2.0) cannot be marked as SHMEM_MAGIC nor
      do they need to be as they will already have access to more than 1.75
      GB of shared memory.

      The additional 1 GB of shared memory that is available over other
      types of executables can be availed of only for system V shared memory
      and not other forms of shared memory (like memory mapped files).

    Restricting Execute Permission on Stacks
      A frequent or common method of breaking into systems is by maliciously
      overflowing buffers on a program's stack, such as passing unusually
      long, carefully chosen command line arguments to a privileged program
      that does not expect them.  Malicious unprivileged users can use this
      technique to trick a privileged program into starting a superuser
      shell for them, or to perform similar unauthorized actions.

      One simple yet highly effective way to reduce the risk from this type
      of attack is to remove the execute permission from a program's stack
      pages.  This improves system security without sacrificing performance
      and has no negative effects on the vast majority of legitimate



 Hewlett-Packard Company	    - 6 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      applications.  The changes described in this section only affect the
      very small number of programs that try to execute (or are tricked into
      executing) instructions located on the program's stack(s).

      If the stack protection feature described in this section is enabled
      for a program and that program attempts to execute code from its
      stack(s), the HP-UX kernel will terminate the program with a SIGKILL
      signal, display a message referring to this manual page section, and
      log an error message to the system message log (use dmesg to view the
      error message).  The message logged by the kernel is:

	   WARNING: UID # may have attempted a buffer overflow attack.	PID
	   # (program_name) has been terminated.  See the '+es enable'
	   option of chatr(1).

      If you see one of these messages, check with the program's owner to
      determine whether this program is legitimately executing code from its
      stack.  If it is, you can use one or both of the methods described
      below to make the program functional again.  If the program is not
      legitimately executing code from its stack, you should suspect
      malicious activity and take appropriate action.

      HP-UX provides two options to permit legitimate execution from a
      program's stack(s).  Combinations of these two options help make
      site-specific tradeoffs between security and compatibility.

      The first method is the use of the +es option of chatr and affects
      individual programs.  It is typically used to specify that a
      particular binary must be able to execute from its stack, regardless
      of the system default setting.  This allows a restrictive system
      default while not preventing legitimate programs from executing code
      on their stack(s).  Ideally this option should be set (if needed) by
      the program's provider, to minimize the need for manual intervention
      by whomever installs the program.

      An alternate method is setting the kernel tunable parameter,
      executable_stack, to set a system-wide default for whether stacks are
      executable.  Setting the executable_stack parameter to 1 (one) with
      sam (see sam(1M)) tells the HP-UX kernel to allow programs to execute
      on the program stack(s).	Use this setting if compatibility with older
      releases is more important than security.	 Setting the
      executable_stack parameter to  0 (zero), the recommended setting, is
      appropriate if security is more important than compatibility.  This
      setting significantly improves system security with minimal, if any,
      negative effects on legitimate applications.

      Combinations of these settings may be appropriate for many
      applications.  For example, after setting executable_stack to 0, you
      may find that one or two critical applications no longer work because
      they have a legitimate need to execute from their stack(s).  Programs
      such as simulators or interpreters that use self-modifying code are



 Hewlett-Packard Company	    - 7 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      examples you might encounter.  To obtain the security benefits of a
      restrictive system default while still letting these specific
      applications run correctly, set executable_stack to 0, and run chatr
      +es enable on the specific binaries that need to execute code from
      their stack(s).  These binaries can be easily identified when they are
      executed, because they will print error messages referring to this
      manual page.

      The possible settings for executable_stack are as follows:

	   executable_stack = 0
		A setting of 0 causes stacks to be non-executable and is
		strongly preferred from a security perspective.

	   executable_stack = 1 (default)
		A setting of 1 (the default value) causes all program stacks
		to be executable, and is safest from a compatibility
		perspective but is the least secure setting for this
		parameter.

	   executable_stack = 2
		A setting of 2 is equivalent to a setting of 0, except that
		it gives non-fatal warnings instead of terminating a process
		that is trying to execute from its stack.  Using this
		setting is helpful for users to gain confidence that using a
		value of 0 will not hurt their legitimate applications.
		Again, there is less security protection.

      The table below summarizes the results from using the possible
      combinations of chatr +es and executable_stack when executing from the
      program's stack.	Running chatr +es disable relies solely on the
      setting of the executable_stack kernel tunable parameter when deciding
      whether or not to grant execute permission for stacks and is
      equivalent to not having run chatr +es on the binary.

      _________________________________________________________________________
      |chatr +es		   | executable_stack | ACTION		       |
      |____________________________|__________________|________________________|
      |enable			   | 1		      | program runs normally  |
      |disable or chatr is not run | 1		      | program runs normally  |
      |____________________________|__________________|________________________|
      |enable			   | 0		      | program runs normally  |
      |disable or chatr is not run | 0		      | program is killed      |
      |____________________________|__________________|________________________|
      |enable			   | 2		      | program runs normally  |
      |disable or chatr is not run | 2		      | program runs normally  |
      |				   |		      | with warning displayed |
      |____________________________|__________________|________________________|

 RETURN VALUE
      chatr returns zero on success.  If the command line contents is



 Hewlett-Packard Company	    - 8 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      syntactically incorrect, or one or more of the specified files cannot
      be acted upon, chatr returns information about the files whose
      attributes could not be modified.	 If no files are specified, chatr
      returns decimal 255.

    Illegal options
      For PA32 chatr, if you use an illegal option, chatr returns the number
      of words in the command line. For example,

	   chatr +b enable +xyz enable returns	5 (because of illegal option
	   +xyz).

	   chatr +b enable +xyz enable +mno file1  file2 returns 8.

      For PA64 chatr, if you use an illegal option, chatr returns the number
      of non-option words present after the first illegal option.

	   chatr +b enable +xyz enable +mno enable +pqr enable file returns
	   4.

    Invalid arguments
      If you use an invalid argument with a valid option and you do not
      specify a filename, both PA32 and PA64 chatr return 0.

	   chatr +b <no argument> returns 0.

      For PA32 chatr, if you specify a file name (regardless of whether or
      not the file exists), chatr returns number of words in the command
      line.

	   chatr +b  <&lt&lt&lt;no argument>&gt&gt&gt; file returns 4.

      For PA64 chatr, if you specify a file name (regardless of whether or
      not the file exists), chatr returns the number of files specified.

	   chatr +b <no argument> file1 file2 file3 returns 3.

    Invalid files
      For both PA32 and PA64 chatr, if the command cannot act on any of the
      files given, it returns the total number of files specified (if some
      option is specified).  Otherwise it returns the number of files upon
      which it could not act.

	   chatr +b enable a1 a2 a3 a4 (where a2 does not have read/write
	   permission) returns 4.

	   chatr a1 a2 a3 a4 returns 1.

 EXTERNAL INFLUENCES
    Environment Variables




 Hewlett-Packard Company	    - 9 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




      The following internationalization variables affect the execution of
      chatr:

      LANG		Determines the locale category for native language,
			local customs and coded character set in the absence
			of LC_ALL and other LC_* environment variables.	 If
			LANG is not specified or is set to the empty string,
			a default of C (see lang(5)) is used instead of
			LANG.

      LC_ALL		Determines the values for all locale categories and
			has precedence over LANG and other LC_* environment
			variables.

      LC_CTYPE		Determines the locale category for character
			handling functions.

      LC_MESSAGES	Determines the locale that should be used to affect
			the format and contents of diagnostic messages
			written to standard error.

      LC_NUMERIC	Determines the locale category for numeric
			formatting.

      NLSPATH		Determines the location of message catalogues for
			the processing of LC_MESSAGES.

      If any internationalization variable contains an invalid setting,
      chatr behaves as if all internationalization variables are set to C.
      See environ(5).

      In addition, the following environment variable affects chatr:

      TMPDIR		Specifies a directory for temporary files (see
			tmpnam(3S)).

 EXAMPLES
      Change a.out to demand-loaded

	   chatr -q a.out

      Change binding mode of program file that uses shared libraries to
      immediate and nonfatal.  Also enable usage of SHLIB_PATH environment
      variable:

	   chatr -B immediate -B nonfatal +s enable a.out

      Disallow run-time path lookup for the shared library /usr/lib/libc.sl
      that the shared library libfoo.sl depends on:





 Hewlett-Packard Company	   - 10 -   HP-UX Release 11i: November 2000






 chatr(1)							    chatr(1)




	   chatr +l /usr/lib/libc.sl libfoo.sl

      Given segment index number 5 from a previous run of chatr, change the
      page size to 4 kilobytes:

	   chatr +si 5 +p 4K average64

 AUTHOR
      chatr was developed by HP.

 SEE ALSO
    System Tools:
      ld(1)		invoke the link editor
    Miscellaneous:
      a.out(4)		assembler, compiler, and linker output
      magic(4)		magic number for HP-UX implementations
      sam(1M)		system administration manager

    Texts and Tutorials:
      HP-UX Linker and Libraries Online User Guide
			(See the +help option)
      HP-UX Linker and Libraries User's Guide
			(See manuals(5) for ordering information)































 Hewlett-Packard Company	   - 11 -   HP-UX Release 11i: November 2000