Module Name: src
Committed By: dholland
Date: Mon Aug 21 00:41:49 UTC 2023

Modified Files:
	src/usr.sbin/paxctl: paxctl.8

Log Message:
paxctl(8): it is not a bug that paxctl settings are persistent.

Nor is it a bug that they're applied to the file rather than stored in some magic secret database where they survive reinstalls, which the prior wording seems to suggest was the eventual intention.

It is worth noting that they change the target file, so still say that.

To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/usr.sbin/paxctl/paxctl.8

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/paxctl/paxctl.8 diff -u src/usr.sbin/paxctl/paxctl.8:1.21 src/usr.sbin/paxctl/paxctl.8:1.22 --- src/usr.sbin/paxctl/paxctl.8:1.21 Wed Aug 16 22:22:02 2023 +++ src/usr.sbin/paxctl/paxctl.8 Mon Aug 21 00:41:49 2023 @@ -1,4 +1,4 @@ -.\" $NetBSD: paxctl.8,v 1.21 2023/08/16 22:22:02 gutteridge Exp $ +.\" $NetBSD: paxctl.8,v 1.22 2023/08/21 00:41:49 dholland Exp $ .\" .\" Copyright 2006 Elad Efrat <e...@netbsd.org> .\" Copyright 2008 Christos Zoulas <chris...@netbsd.org> @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 23, 2023 +.Dd August 20, 2023 .Dt PAXCTL 8 .Os .Sh NAME @@ -104,17 +104,17 @@ PaX project. .Sh AUTHORS .An Elad Efrat Aq Mt e...@netbsd.org .An Christos Zoulas Aq Mt chris...@netbsd.org -.Sh BUGS +.Sh RESTRICTIONS The .Nm -utility currently uses +utility uses .Xr elf 5 -note sections to mark executables as having PaX flags enabled. -This will be done using -.Xr fileassoc 9 -in the future so that we can control who does the marking and -not alter the binary file signature. -.Po -Note this also means that -at present any flags set do not survive binary file upgrades. -.Pc +note sections to mark executables with PaX flags. +This means that, as one might expect, the PaX settings do not persist +if the program file is replaced. +It also means that running +.Nm +changes the target executable, which can be undesirable in production. +In general, +.Nm +settings should be applied to programs at build time.
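Review bot: In the new RESTRICTIONS text, "which can be undesirable in production" does not say why, while the removed wording gave the concrete reason: marking the executable alters "the binary file signature". Suggest carrying that reason into the new sentence, for example "changes the target executable, and therefore its checksum or signature, which can be undesirable in production", so an administrator who verifies installed binaries knows to expect a mismatch after running paxctl. The closing advice that settings "should be applied to programs at build time" would also be easier to act on with a cross-reference to where that is done, if the page has one to give.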