chatr_ia(1)						      General Commands Manual						       chatr_ia(1)

NAME

       chatr_ia: chatr - change program's internal attributes on Integrity systems

SYNOPSIS

   Format 1: for files with a single text segment and a single data segment
       library] mode] mode] flag]
	      flag]  flag]  flag]  flag]  flag] flag] size] flag] flag] library] flag] flag] flag] flag] flag] size] size] flag] flag] flag] flag]
	      file ...

   Format 2: for explicit specification of segments
       address | index} mode] flag]
	      flag] flag] flag] flag] size] flag] flag] flag] flag] file ...

   Remarks
       This manpage describes on Integrity systems.  For on PA-RISC systems, see chatr_pa(1).

DESCRIPTION

       allows you to change a program's internal attributes for 32-bit and 64-bit ELF files.

       There are two syntactic forms that can be used to invoke

       o  allows easy manipulation of ordinary files that have only a single text segment and a single data segment.

       o  allows explicit specification of the segments to be modified.

       Upon completion, prints the file's old and new values to standard output unless is specified.

       The and options only provide a hint for the virtual memory page size.  The actual page sizes may vary.  Under certain conditions, page size
       hints of may result in better performance, depending on the specific memory requirements of the application.

       The  performance  of  some applications may benefit from static branch prediction, others may not.  The option provides a hint for using or
       avoiding this feature.

       The and related options provide performance enhancements through use of global symbol table which improves searching for exported  symbols.
       See dld.so(5) and the for more information.

       To  use Format 2, first specify the segment you want to modify by address (with the option) or index (with the option), or specify all seg-
       ments (with the option).  Then use the or options to modify the segment attributes.  You can include more than one segment on  the  command
       line as long as you specify each segment with an or option, followed by the modifying options.

   Options
       Indicate that the specified shared library
		      is subject to run-time path lookup if directory path lists are provided (see and

       Perform its operation silently.

       Enable null pointer dereference trap.
		      Run-time dereference of null pointers will produce a SIGSEGV signal.  (This is the complement of the option.)

       Select run-time binding behavior mode of a program
		      using shared libraries.  You must specify one of the binding modes or See the for a description of binding modes.

       Disable null pointer dereference trap.
		      (This is the complement of the option.)

       Control the address space model to be used by the kernel.
		      Possible	values	for  mode are and The default value is currently equivalent to In order to set the mode to any value other
		      than the default, the binary should have been built with the compiler option to ensure that the text and data  segments  are
		      contiguous.

       Control whether the embedded path list
		      stored  when the program (if any) was built can be used to locate shared libraries needed by the program.  The two flag val-
		      ues, and respectively enable and disable use of the embedded path list.  However, you cannot use on an ELF file, and a warn-
		      ing message is issued.  See the option.  You can use the option to enable the embedded path for filter libraries.

       (Format 2 only.) Enable or disable the code bit for a specified segment.
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       Enable or disable the code bit for the file's data segment(s).
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       Enable or disable the code bit for the file's text segments(s).
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       Enable or disable the ability to run a program, and, after it is running,
		      attach  to  it with a debugger and set breakpoints in its dependent shared libraries.  When enabled, this allows for mapping
		      the text segments of shared libraries in a private, writable region.  Also, you can use this feature  on	individual  shared
		      libraries, which makes the text segment mapped private.  If contains the string "", all shared libraries are mapped private.
		      You can also specify a colon-separated list of shared library base names with this option, following an equal character; for
		      example:

       Change the dynamic optimization setting.  The flag
		      value  enables  dynamic optimizations for a load module (executable or shared library), if the run-time environment supports
		      this feature.  The flag value prohibits dynamic optimizations for a load module.	The flag value restores the  default  set-
		      ting, which allows the run-time environment to enable or disable dynamic optimizations for a load module.

       (Format 2 only.) Enable or disable lazy swap allocation for dynamically
		      allocated segments (such as the stack or heap).

       Control the ability of user code to execute from stack with the
		      flag values, and See the section below for additional information related to security issues.

       Control whether the global symbol table hash mechanism is
		      used to look up values of symbol import/export entries.  The two flag values, and respectively enable and disable use of the
		      global symbol table hash mechanism.  The default is

       Request a particular hash array
		      size using the global symbol table hash mechanism.  The value can vary between 1 and The default value is  1103.	 Use  this
		      option with This option works on files liked with the option.

       Controls the preference of physical memory for the data segment.
		      This  is	only  important  on ccNUMA (Cache Coherent Non-Uniform Memory Architecture) systems.  The flag value may be either
		      enable or disable.  When enabled, the data segment will use interleaved memory.  When disabled (the default), the data  seg-
		      ment will use cell local memory.	This behavior will be inherited across a but not an

		      For more information regarding ccNUMA, see pstat_getlocality(2).

       Request kernel assisted branch prediction.
		      The flags and turn this request on and off, respectively.

       Indicate that the specified shared library
		      is not subject to run-time path lookup if directory path lists are provided (see and

       (Format 2 only.) Enable or disable the modification bit for a specified segment.
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       Enable or disable the modification bit for the file's data segment(s).
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       or	      the  dynamic loader to automatically preload and also maps shared libraries as private.  The library is used to support heap
		      analysis through GDB.

       Enable or disable the shared library segment merging features.
		      When enabled, all data segments of shared libraries loaded at program startup are merged into a single block.  Data segments
		      for each dynamically loaded library will also be merged with the data segments of its dependent libraries.  Merging of these
		      segments increases run-time performance by allowing the kernel to use larger size page table entries.

       Enable or disable the modification bit for the file's text segment(s).
		      If this is enabled, it is denoted by the flag for the segment listing in the output.

       Enable or disable the
		      flag to control use of in calculating the absolute path of the working directory.  Enabling the flag instructs  the  dynamic
		      loader  to  calculate  the  absolute  path  of  the  current working directory when the parent module (object module, shared
		      library, or executable) is first loaded.	The loader then uses this path for all occurrences of The loader  then	uses  this
		      path for all occurrences of in the dependent libraries.

		      If  there  are no occurrences of you should disable the flag, to avoid calculating the absolute path.  By default, if is not
		      present, the flag is disabled.

       (Format 2 only.)  Set the page size for a specified segment.

       Request a particular virtual memory page size that
		      should be used for data.	Sizes of and are supported.  A size of results in using the default page size.	A size of  results
		      in using the largest page size available.  The actual page size may vary if the requested size cannot be fulfilled.

       Request a particular virtual memory page size that
		      should be used for text (instructions).  See the option for additional information.

       Request static branch prediction when executing this
		      program.	 The  flags and turn this request on and off, respectively.  If this is enabled, it is denoted by the flag for the
		      segment listing in the output.

       This is an     to the option.

       Control whether the directory path list specified with the
		      and environment variable can be used to locate shared libraries needed by the program.  The two  flag  values,  and  respec-
		      tively  enable  and disable use of the environment variable.  If both and are used, their relative order on the command line
		      indicates which path list will be searched first.  See the option.

       (Format 2 only.)
		      Specify a segment using an address for a set of attribute modifications.

       (Format 2 only.)
		      Use all segments in the file for a set of attribute modifications.

       (Format 2 only.)
		      Specify a segment using a segment index number for a set of attribute modifications.

       Enable or disable lazy swap on all data segments (using FORMAT 1) or on a
		      specific segment (using 2).  The flags and turn this request on or off respectively.  May not be	used  with  non-data  seg-
		      ments.

       Enable or disable dynamic instrumentation by
		      If  enabled, the dynamic loader (see dld.so(5)) will automatically invoke upon program execution to collect profile informa-
		      tion.

   Restricting Execute Permission on Stacks
       A frequent or common method of breaking into systems is by maliciously overflowing buffers on a program's stack, such as passing  unusually
       long, carefully chosen command line arguments to a privileged program that does not expect them.  Malicious unprivileged users can use this
       technique to trick a privileged program into starting a superuser shell for them, or to perform similar unauthorized actions.

       One simple yet highly effective way to reduce the risk from this type of attack is to remove the execute permission from a program's  stack
       pages.  This improves system security without sacrificing performance and has no negative effects on the vast majority of legitimate appli-
       cations.  The changes described in this section only affect the very small number of programs that try to execute (or are tricked into exe-
       cuting) instructions located on the program's stack(s).

       If  the	stack  protection  feature  described  in this section is enabled for a program and that program attempts to execute code from its
       stack(s), the HP-UX kernel will terminate the program with a signal, display a message referring to this manual page section,  and  log	an
       error message to the system message log (use to view the error message).  The message logged by the kernel is:

       If  you see one of these messages, check with the program's owner to determine whether this program is legitimately executing code from its
       stack.  If it is, you can use one or both of the methods described below to make the program functional	again.	 If  the  program  is  not
       legitimately executing code from its stack, you should suspect malicious activity and take appropriate action.

       HP-UX provides two options to permit legitimate execution from a program's stack(s).  Combinations of these two options help make site-spe-
       cific tradeoffs between security and compatibility.

       The first method is the use of the option of and affects individual programs.  It is typically used to specify  that  a	particular  binary
       must  be able to execute from its stack, regardless of the system default setting.  This allows a restrictive system default while not pre-
       venting legitimate programs from executing code on their stack(s).  Ideally this  option  should  be  set  (if  needed)	by  the  program's
       provider, to minimize the need for manual intervention by whomever installs the program.

       An  alternate  method is setting the kernel tunable parameter, to set a system-wide default for whether stacks are executable.  Setting the
       parameter to 1 (one) with (see sam(1M)) tells the HP-UX kernel to allow programs to execute on the program stack(s).  Use this  setting	if
       compatibility  with older releases is more important than security.  Setting the parameter to  0 (zero), the recommended setting, is appro-
       priate if security is more important than compatibility.  This setting significantly improves system security with minimal, if  any,  nega-
       tive effects on legitimate applications.

       Combinations  of  these	settings  may be appropriate for many applications.  For example, after setting to 0, you may find that one or two
       critical applications no longer work because they have a legitimate need to execute from their stack(s).  Programs such	as  simulators	or
       interpreters  that  use	self-modifying	code  are  examples  you might encounter.  To obtain the security benefits of a restrictive system
       default while still letting these specific applications run correctly, set to 0, and run on the specific binaries that need to execute code
       from  their  stack(s).  These binaries can be easily identified when they are executed, because they will print error messages referring to
       this manual page.

       The possible settings for are as follows:

	    A setting of 0 (the default value) causes stacks to be non-executable
		   and is strongly preferred from a security perspective.

	    A setting of 1
		   causes all program stacks to be executable, and is safest from a compatibility perspective but is the least secure setting  for
		   this parameter.

	    A setting of 2
		   is  equivalent  to  a  setting of 0, except that it gives non-fatal warnings instead of terminating a process that is trying to
		   execute from its stack.  Using this setting is helpful for users to gain confidence that using a value of 0 will not hurt their
		   legitimate applications.  Again, there is less security protection.

       The table below summarizes the results from using the possible combinations of and when executing from the program's stack.  Running relies
       solely on the setting of the kernel tunable parameter when deciding whether or not to grant execute permission for stacks and is equivalent
       to not having run on the binary.

       chatr +es	    executable_stack   Action
       ---------------------------------------------------------------
       enable			   1	       program runs normally
       disable or		   1	       program runs normally
	 chatr is not run
       ---------------------------------------------------------------
       enable			   0	       program runs normally
       disable or		   0	       program is killed
	 chatr is not run
       ---------------------------------------------------------------
       enable			   2	       program runs normally
       disable or		   2	       program runs normally
	 chatr is not run		       with warning displayed

RETURN VALUE

       returns	zero  on  success.  If the command line contents is syntactically incorrect, or one or more of the specified files cannot be acted
       upon, returns information about the files whose attributes could not be modified.  If no files are specified, returns decimal 255.

   Illegal options
       If you use an illegal option, returns the number of non-option words present after the first illegal option.  The following example returns
       4:

   Invalid arguments
       If you use an invalid argument with a valid option and you do not specify a file name, returns 0, as in this example:

       If  you	specify  a file name (regardless of whether or not the file exists), returns the number of files specified.  The following example
       returns 3:

   Invalid files
       If the command cannot act on any of the files given, it returns the total number of files specified (if some option is specified).   Other-
       wise  it returns the number of files upon which it could not act.  If does not have read/write permission, the first of the following exam-
       ples returns 4 and the second returns 1:

EXTERNAL INFLUENCES

   Environment Variables
       The following internationalization variables affect the execution of

       Determines the locale category for native language, local customs and
			 coded character set in the absence of and other environment variables.  If is not  specified  or  is  set  to	the  empty
			 string, a default of (see lang(5)) is used instead of

       Determines the values for all locale categories and has precedence over
			 and other environment variables.

       Determines the locale category for character handling functions.

       Determines the locale that should be used to affect the format
			 and contents of diagnostic messages written to standard error.

       Determines the locale category for numeric formatting.

       Determines the location of message catalogues for the processing
			 of

       If  any	internationalization  variable	contains an invalid setting, behaves as if all internationalization variables are set to See envi-
       ron(5).

       In addition, the following environment variable affects

       Specifies a directory
			 for temporary files (see tmpnam(3S)).

EXAMPLES

       Change to demand-loaded

       Change binding mode of program file that uses shared libraries to immediate and nonfatal.  Also enable usage of environment variable:

       Disallow run-time path lookup for the shared library that the shared library depends on:

       Given segment index number 5 from a previous run of change the page size to 4 kilobytes:

       To set the modify bit of a specific segment, first find the index or address number of the segment.

	      chatr a.out

	      a.out:
		 32-bit ELF executable
		 shared library dynamic path search:
		     LD_LIBRARY_PATH	enabled  first
		     SHLIB_PATH 	enabled  second
		     embedded path	enabled  third	/CLO/TAHOE_BE/usr/lib/hpux32
		 shared library list:
		     libsin.so
		     libc.so.1
		 shared library binding:
		     deferred
		 global hash table enabled
		 global hash table size 100
		 shared library mapped private disabled
		 shared vtable support disabled
		 segments:
		     index type     address	 flags size
			 5 text     04000000	 ----c	  D (default)
			 6 data     40000000	 ---m-	  L (largest possible)
		 executable from stack: D (default)
		 kernel assisted branch prediction enabled
		 lazy swap allocation for dynamic segments disabled

       For Format 2, for a text segment, use the following:

       or

       For Format 1, use the following:

WARNINGS

       This release of the command no longer supports the following options:

       o
       o
       o
       o
       o
       o
       o
       o

AUTHOR

       was developed by HP.

SEE ALSO

   System Tools
       ld(1)		 invoke the link editor
       dld.so(5)	 dynamic loader

   Miscellaneous
       a.out(4) 	   assembler, compiler, and linker output
       magic(4) 	   magic number for HP-UX implementations
       sam(1M)		   system administration manager
       executable_stack(5) controls whether program stacks are executable by default

   Texts and Tutorials
       (See the 	 option)
       (See		 manuals(5) for ordering information)

Integrity Systems Only														       chatr_ia(1)