 chatr_ia(1)                                                     chatr_ia(1)
                        For Itanium(R)-based Systems



 NAME
      chatr_ia: chatr - change program's internal attributes

 SYNOPSIS
    Format 1: for files with a single text segment and a single data segment

      chatr [-s] [-z|Z] [-l library] [-B mode] [+as mode] [+b flag]
           [+cd flag] [+ci flag] [+dbg flag] [+es flag] [+gst flag]
           [+gstsize size] [+id flag] [+k flag] [+l library] [+md flag]
           [+mergeseg flag] [+mi flag] [+o flag] [+pd size] [+pi size]
           [+s flag] [+z flag] [+I flag] file ...

    Format 2: for explicit specification of segments
      chatr {+sa address | +sall | +si index} [-s] [-B mode] [+c flag]
           [+dz flag] [+k flag] [+m flag] [+mergeseg flag] [+p size]
           [+r flag] [+s flag] [+z flag] [+I flag] file ...

 DESCRIPTION
      chatr allows you to change a program's internal attributes for 32-bit
      and 64-bit ELF files.

      There are two syntactic forms that can be used to invoke chatr.

      +  Format 1 allows easy manipulation of ordinary files that have only
         a single text segment and a single data segment.

      +  Format 2 allows explicit specification of the segments to be
         modified.

      Upon completion, chatr prints the file's old and new values to
      standard output unless -s is specified.

      The +pd and +pi options only provide a hint for the virtual memory
      page size.  The actual page sizes may vary.  Under certain conditions,
      page size hints of L may result in better performance, depending on
      the specific memory requirements of the application.

      The performance of some applications may benefit from static branch
      prediction, others may not.  The +r option provides a hint for using
      or avoiding this feature.

      The +gst and related options provide performance enhancements through
      use of a global symbol table, which improves searching for exported
      symbols.  See dld.so(5) and the HP-UX Linker and Libraries Online User
      Guide for more information.

      To use Format 2, first specify the segment you want to modify by
      address (with the +sa option) or index (with the +si option), or
      specify all segments (with the +sall option).  Then use the +c, +m,
      +r, +s, or +z options to modify the segment attributes.  You can
      include more than one segment on the command line as long as you
      specify each segment with an +sa address or +si index option, followed
      by the modifying options.

    Options
      -l library     Indicate that the specified shared library is subject
                     to run-time path lookup if directory path lists are
                     provided (see +s and +b).

      -s             Perform its operation silently.

      -z             Enable run-time dereferencing of null pointers to
                     produce a SIGSEGV signal.  (This is the complement of
                     the -Z option.)

      -B mode        Select run-time binding behavior mode of a program
                     using shared libraries.  You must specify one of the
                     binding modes immediate or deferred.  See the HP-UX
                     Linker and Libraries User's Guide for a description of
                     binding modes.

      -Z             Disable run-time dereferencing of null pointers.  (This
                     is the complement of the -z option.)

      +as mode       Control the address space model to be used by the
                     kernel.  Possible values for mode are default,
                     share_magic, exec_magic, shmem_magic, and mpas.  The
                     default value is currently equivalent to share_magic.
                     In order to set the mode to any value other than the
                     default, the binary should have been built with the -N
                     compiler option to ensure that the text and data
                     segments are contiguous.

      +b flag        Control whether the embedded path list (if any) stored
                     when the program was built can be used to locate shared
                     libraries needed by the program.  The two flag values,
                     enable and disable, respectively enable and disable use
                     of the embedded path list.  However, you cannot use
                     disable on an ELF file, and a warning message is
                     issued.  See the +s option.  You can use the +b option
                     to enable the embedded path for filter libraries.

      +c flag        (Format 2 only.) Enable or disable the code bit for a
                     specified segment.  If this is enabled, it is denoted
                     by the c flag for the segment listing in the chatr
                     output.

      +cd flag       Enable or disable the code bit for the file's data
                     segment(s).  If this is enabled, it is denoted by the c
                     flag for the segment listing in the chatr output.

      +ci flag       Enable or disable the code bit for the file's text
                     segment(s).  If this is enabled, it is denoted by the
                     c flag for the segment listing in the chatr output.

      +dbg flag      Enable or disable the ability to run a program, and,
                     after it is running, attach to it with a debugger and
                     set breakpoints in its dependent shared libraries.

      +dz flag       (Format 2 only.) Enable or disable lazy swap allocation
                     for dynamically allocated segments (such as the stack
                     or heap).

      +es flag       Control the ability of user code to execute from stack
                     with the flag values, enable and disable.  See the
                     Restricting Execute Permission on Stacks section below
                     for additional information related to security issues.

      +gst flag      Control whether the global symbol table hash mechanism
                     is used to look up values of symbol import/export
                     entries.  The two flag values, enable and disable,
                     respectively enable and disable use of the global
                     symbol table hash mechanism.  The default is disable.

      +gstsize size  Request a particular hash array size using the global
                     symbol table hash mechanism.  The value can vary
                     between 1 and MAXINT.  The default value is 1103.  Use
                     this option with +gst enable.  This option works on
                     files linked with the +gst option.

      +id flag       Controls the preference of physical memory for the data
                     segment.  This is only important on ccNUMA (Cache
                     Coherent Non-Uniform Memory Architecture) systems.  The
                     flag value may be either enable or disable.  When
                     enabled, the data segment will use interleaved memory.
                     When disabled (the default), the data segment will use
                     cell local memory.  This behavior will be inherited
                     across a fork(), but not an exec().

                     For more information regarding ccNUMA, see
                     pstat_getlocality(2).

      +k flag        Request kernel assisted branch prediction.  The flags
                     enable and disable turn this request on and off,
                     respectively.

      +l library     Indicate that the specified shared library is not
                     subject to run-time path lookup if directory path lists
                     are provided (see +s and +b).

      +m flag        (Format 2 only.) Enable or disable the modification bit
                     for a specified segment.  If this is enabled, it is
                     denoted by the m flag for the segment listing in the
                     chatr output.

      +md flag       Enable or disable the modification bit for the file's
                     data segment(s).  If this is enabled, it is denoted by
                     the m flag for the segment listing in the chatr output.

      +mergeseg flag Enable or disable the shared library segment merging
                     features.  When enabled, all data segments of shared
                     libraries loaded at program startup are merged into a
                     single block.  Data segments for each dynamically
                     loaded library will also be merged with the data
                     segments of its dependent libraries.  Merging of these
                     segments increases run-time performance by allowing the
                     kernel to use larger size page table entries.

      +mi flag       Enable or disable the modification bit for the file's
                     text segment(s).  If this is enabled, it is denoted by
                     the m flag for the segment listing in the chatr output.

      +o flag        Enable or disable the DF_ORIGIN flag to control use of
                     $ORIGIN in calculating the absolute path of the working
                     directory.  Enabling the flag instructs the dynamic
                     loader to calculate the absolute path of the current
                     working directory when the parent module (object
                     module, shared library, or executable) is first loaded.
                     The loader then uses this path for all occurrences of
                     $ORIGIN.  The loader then uses this path for all
                     occurrences of $ORIGIN in the dependent libraries.

                     If there are no occurrences of $ORIGIN, you should
                     disable the DF_ORIGIN flag, to avoid calculating the
                     absolute path.  By default, if $ORIGIN is not present,
                     the DF_ORIGIN flag is disabled.

      +p size        (Format 2 only.)  Set the page size for a specified
                     segment.

      +pd size       Request a particular virtual memory page size that
                     should be used for data.  Sizes of 4K, 16K, 64K, 256K,
                     1M, 4M, 16M, 64M, 256M, 1G, 4G, D, and L are supported.
                     A size of D results in using the default page size.  A
                     size of L results in using the largest page size
                     available.  The actual page size may vary if the
                     requested size cannot be fulfilled.

      +pi size       Request a particular virtual memory page size that
                     should be used for text (instructions).  See the +pd
                     option for additional information.

      +r flag        Request static branch prediction when executing this
                     program.  The flags enable and disable turn this
                     request on and off, respectively.  If this is enabled,
                     it is denoted by the r flag for the segment listing in
                     the chatr output.

      +s flag        Control whether the directory path lists specified with
                     the LD_LIBRARY_PATH and SHLIB_PATH environment variables
                     can be used to locate shared libraries needed by the
                     program.  The two flag values, enable and disable,
                     respectively enable and disable use of the environment
                     variables.  If both +s and +b are used, their relative
                     order on the command line indicates which path list
                     will be searched first.  See the +b option.

      +sa address    (Format 2 only.) Specify a segment using an address for
                     a set of attribute modifications.

      +sall          (Format 2 only.) Use all segments in the file for a set
                     of attribute modifications.

      +si index      (Format 2 only.) Specify a segment using a segment
                     index number for a set of attribute modifications.

      +z flag        Enable or disable lazy swap on all data segments (using
                     Format 1) or on a specific segment (using Format 2).  The
                     flags enable and disable turn this request on or off
                     respectively.  May not be used with non-data segments.

      +I flag        Enable or disable dynamic instrumentation by
                     /opt/langtools/bin/caliper.  If enabled, the dynamic
                     loader (see dld.so(5)) will automatically invoke
                     caliper upon program execution to collect profile
                     information.

    Restricting Execute Permission on Stacks
      A common method of breaking into systems is by maliciously
      overflowing buffers on a program's stack, such as passing unusually
      long, carefully chosen command line arguments to a privileged program
      that does not expect them.  Malicious unprivileged users can use this
      technique to trick a privileged program into starting a superuser
      shell for them, or to perform similar unauthorized actions.

      One simple yet highly effective way to reduce the risk from this type
      of attack is to remove the execute permission from a program's stack
      pages.  This improves system security without sacrificing performance
      and has no negative effects on the vast majority of legitimate
      applications.  The changes described in this section only affect the
      very small number of programs that try to execute (or are tricked into
      executing) instructions located on the program's stack(s).

      If the stack protection feature described in this section is enabled
      for a program and that program attempts to execute code from its
      stack(s), the HP-UX kernel will terminate the program with a SIGKILL
      signal, display a message referring to this manual page section, and
      log an error message to the system message log (use dmesg to view the
      error message).  The message logged by the kernel is:

           WARNING: UID # may have attempted a buffer overflow attack.  PID
           # (program_name) has been terminated.  See the '+es enable'
           option of chatr(1).

      If you see one of these messages, check with the program's owner to
      determine whether this program is legitimately executing code from its
      stack.  If it is, you can use one or both of the methods described
      below to make the program functional again.  If the program is not
      legitimately executing code from its stack, you should suspect
      malicious activity and take appropriate action.
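
      The triage step described above, as an added example (not part of
      the original manual page): a POSIX shell filter that pulls these
      kernel messages out of dmesg output and counts them per UID and
      program.  It assumes each message is logged on one line in the
      format quoted above; the sample log lines and the function names
      are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage HP-UX "executed from stack" kill messages.
# Assumption: each kernel message sits on a single line, in the format
# quoted in this manual page section.

# Constructed sample input (not captured from a real system).
sample_log() {
cat <<'EOF'
WARNING: UID 204 may have attempted a buffer overflow attack.  PID 1812 (legacy_sim) has been terminated.  See the '+es enable' option of chatr(1).
unrelated kernel message (constructed filler line)
WARNING: UID 0 may have attempted a buffer overflow attack.  PID 2290 (rpcd) has been terminated.  See the '+es enable' option of chatr(1).
WARNING: UID 204 may have attempted a buffer overflow attack.  PID 1830 (legacy_sim) has been terminated.  See the '+es enable' option of chatr(1).
EOF
}

# Read log text on stdin; print one "uid pid program" line per kill message.
# Lines that do not match the message format are dropped.
stack_kill_events() {
    sed -n 's/^.*WARNING: UID \([0-9][0-9]*\) may have attempted a buffer overflow attack\. *PID \([0-9][0-9]*\) (\(.*\)) has been terminated\..*$/\1 \2 \3/p'
}

# Read log text on stdin; print "count uid program", most frequent first.
# A program that shows up repeatedly under one ordinary UID is a candidate
# for the "check with the program's owner" step; anything else deserves a
# closer look before chatr +es enable is considered.
stack_kill_summary() {
    stack_kill_events | awk '
        {
            prog = $0
            sub(/^[0-9]+ [0-9]+ /, "", prog)   # keep program names intact
            n[$1 " " prog]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Read log text on stdin; print "pid program" for messages reporting UID 0.
uid0_kills() {
    stack_kill_events | awk '$1 == 0 { sub(/^[0-9]+ /, ""); print }'
}

# Demonstration on the constructed sample.
# On a live system: dmesg | stack_kill_summary
sample_log | stack_kill_summary
```

      The filter matches only the termination message quoted above; the
      non-fatal warnings produced with executable_stack = 2 are not
      covered, because their text is not given on this page.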

      HP-UX provides two options to permit legitimate execution from a
      program's stack(s).  Combinations of these two options help make
      site-specific tradeoffs between security and compatibility.

      The first method is the use of the +es option of chatr and affects
      individual programs.  It is typically used to specify that a
      particular binary must be able to execute from its stack, regardless
      of the system default setting.  This allows a restrictive system
      default while not preventing legitimate programs from executing code
      on their stack(s).  Ideally this option should be set (if needed) by
      the program's provider, to minimize the need for manual intervention
      by whoever installs the program.

      An alternate method is setting the kernel tunable parameter,
      executable_stack, to set a system-wide default for whether stacks are
      executable.  Setting the executable_stack parameter to 1 (one) with
      sam (see sam(1M)) tells the HP-UX kernel to allow programs to execute
      on the program stack(s).  Use this setting if compatibility with older
      releases is more important than security.  Setting the
      executable_stack parameter to  0 (zero), the recommended setting, is
      appropriate if security is more important than compatibility.  This
      setting significantly improves system security with minimal, if any,
      negative effects on legitimate applications.

      Combinations of these settings may be appropriate for many
      applications.  For example, after setting executable_stack to 0, you
      may find that one or two critical applications no longer work because
      they have a legitimate need to execute from their stack(s).  Programs
      such as simulators or interpreters that use self-modifying code are
      examples you might encounter.  To obtain the security benefits of a
      restrictive system default while still letting these specific
      applications run correctly, set executable_stack to 0, and run chatr
      +es enable on the specific binaries that need to execute code from
      their stack(s).  These binaries can be easily identified when they are
      executed, because they will print error messages referring to this
      manual page.

      The possible settings for executable_stack are as follows:

           executable_stack = 0 (default)
                A setting of 0 (the default value) causes stacks to be
                non-executable and is strongly preferred from a security
                perspective.

           executable_stack = 1
                A setting of 1 causes all program stacks to be executable,
                and is safest from a compatibility perspective but is the
                least secure setting for this parameter.

           executable_stack = 2
                A setting of 2 is equivalent to a setting of 0, except that
                it gives non-fatal warnings instead of terminating a process
                that is trying to execute from its stack.  Using this
                setting is helpful for users to gain confidence that using a
                value of 0 will not hurt their legitimate applications.
                Again, there is less security protection.

      The table below summarizes the results from using the possible
      combinations of chatr +es and executable_stack when executing from the
      program's stack.  Running chatr +es disable relies solely on the
      setting of the executable_stack kernel tunable parameter when deciding
      whether or not to grant execute permission for stacks and is
      equivalent to not having run chatr +es on the binary.

      ________________________________________________________________
      |chatr +es          | executable_stack | Action                 |
      |___________________|__________________|________________________|
      |enable             | 1                | program runs normally  |
      |disable or         | 1                | program runs normally  |
      |  chatr is not run |                  |                        |
      |___________________|__________________|________________________|
      |enable             | 0                | program runs normally  |
      |disable or         | 0                | program is killed      |
      |  chatr is not run |                  |                        |
      |___________________|__________________|________________________|
      |enable             | 2                | program runs normally  |
      |disable or         | 2                | program runs normally  |
      |  chatr is not run |                  | with warning displayed |
      |___________________|__________________|________________________|

 RETURN VALUE
      chatr returns zero on success.  If the command line contents are
      syntactically incorrect, or one or more of the specified files cannot
      be acted upon, chatr returns information about the files whose
      attributes could not be modified.  If no files are specified, chatr
      returns decimal 255.

    Illegal options
      If you use an illegal option, chatr returns the number of non-option
      words present after the first illegal option.  The following example
      returns 4:

           chatr +b enable +xyz enable +mno enable +pqr enable file

    Invalid arguments
      If you use an invalid argument with a valid option and you do not
      specify a file name, chatr returns 0, as in this example:

           chatr +b <no argument>

      If you specify a file name (regardless of whether or not the file
      exists), chatr returns the number of files specified.  The following
      example returns 3:

           chatr <no argument> file1 file2 file3

    Invalid files
      If the command cannot act on any of the files given, it returns the
      total number of files specified (if some option is specified).
      Otherwise it returns the number of files upon which it could not act.
      If a2 does not have read/write permission, the first of the following
      examples returns 4 and the second returns 1:

           chatr +b enable a1 a2 a3 a4
           chatr a1 a2 a3 a4

 EXTERNAL INFLUENCES
    Environment Variables
      The following internationalization variables affect the execution of
      chatr:

      LANG              Determines the locale category for native language,
                        local customs and coded character set in the absence
                        of LC_ALL and other LC_* environment variables.  If
                        LANG is not specified or is set to the empty string,
                        a default of C (see lang(5)) is used instead of
                        LANG.

      LC_ALL            Determines the values for all locale categories and
                        has precedence over LANG and other LC_* environment
                        variables.

      LC_CTYPE          Determines the locale category for character
                        handling functions.

      LC_MESSAGES       Determines the locale that should be used to affect
                        the format and contents of diagnostic messages
                        written to standard error.

      LC_NUMERIC        Determines the locale category for numeric
                        formatting.

      NLSPATH           Determines the location of message catalogues for
                        the processing of LC_MESSAGES.

      If any internationalization variable contains an invalid setting,
      chatr behaves as if all internationalization variables are set to C.
      See environ(5).

      In addition, the following environment variable affects chatr:

      TMPDIR            Specifies a directory for temporary files (see
                        tmpnam(3S)).

 EXAMPLES
      Change a.out to demand-loaded:

           chatr -q a.out

      Change binding mode of program file that uses shared libraries to
      immediate and nonfatal.  Also enable usage of SHLIB_PATH environment
      variable:

           chatr -B immediate -B nonfatal +s enable a.out

      Disallow run-time path lookup for the shared library /usr/lib/libc.sl
      that the shared library libfoo.sl depends on:

           chatr +l /usr/lib/libc.sl libfoo.sl

      Given segment index number 5 from a previous run of chatr, change the
      page size to 4 kilobytes:

           chatr +si 5 +p 4K average64

      To set the modify bit of a specific segment, first find the index or
      address number of the segment.

           chatr a.out

           a.out:
              32-bit ELF executable
              shared library dynamic path search:
                  LD_LIBRARY_PATH    enabled  first
                  SHLIB_PATH         enabled  second
                  embedded path      enabled  third  /CLO/TAHOE_BE/usr/lib/hpux32
              shared library list:
                  libsin.so
                  libc.so.1
              shared library binding:
                  deferred
              global hash table enabled
              global hash table size 100
              shared library mapped private disabled
              shared vtable support disabled
              segments:
                  index type     address      flags size
                      5 text     04000000     ----c    D (default)
                      6 data     40000000     ---m-    L (largest possible)
              executable from stack: D (default)
              kernel assisted branch prediction enabled
              lazy swap allocation for dynamic segments disabled

      For Format 2, for a text segment, use the following:

           chatr +si 5 +m enable a.out

      or

           chatr +sa 04000000 +m enable a.out

      For Format 1, use the following:

           chatr +mi enable a.out

 WARNINGS
      This release of the chatr command no longer supports the following
      options:

      +  -n
      +  -q
      +  -M
      +  -N
      +  +getbuckets size
      +  +plabel_cache flag
      +  +q3p flag
      +  +q4p flag

 AUTHOR
      chatr was developed by HP.

 SEE ALSO
    System Tools
      ld(1)             invoke the link editor
      dld.so(5)         dynamic loader

    Miscellaneous
      a.out(4)            assembler, compiler, and linker output
      magic(4)            magic number for HP-UX implementations
      sam(1M)             system administration manager
      executable_stack(5) controls whether program stacks are executable by
                          default

    Texts and Tutorials
      HP-UX Linker and Libraries Online User Guide
                        (See the +help option)
      HP-UX Linker and Libraries User's Guide
                        (See manuals(5) for ordering information)


 Hewlett-Packard Company           - 11 -      HP-UX 11i Version 2: Sep 2004