chatr(1)

chatr(1)

this manual page.

The possible settings for executable_stack are as follows:

executable_stack = 0

A setting of 0 causes stacks to be non-executable and is strongly preferred from a security per- spective.

executable_stack = 1 (default)

A setting of 1 (the default value) causes all program stacks to be executable, and is safest from a compatibility perspective but is the least secure setting for this parameter.

executable_stack = 2

A setting of 2 is equivalent to a setting of 0, except that it gives non-fatal warnings instead of terminating a process that is trying to execute from its stack. Using this setting is helpful for users to gain con®dence that using a value of 0 will not hurt their legitimate applications. Again, there is less security protection.

The table below summarizes the results from using the possible combinations of chatr +es and executable_stack when executing from the program's stack. Running chatr +es disable relies solely on the setting of the executable_stack kernel tunable parameter when deciding whether or not to grant execute permission for stacks and is equivalent to not having run chatr +es on the binary.

chatr +es

executable_stack

ACTION

 

 

 

enable

1

program runs normally

disable or chatr is not run

1

program runs normally

enable

0

program runs normally

disable or chatr is not run

0

program is killed

enable

2

program runs normally

disable or chatr is not run

2

program runs normally

 

 

with warning displayed

RETURN VALUE

chatr returns zero on success. If the command line contents is syntactically incorrect, or one or more of the speci®ed ®les cannot be acted upon, chatr returns information about the ®les whose attributes could not be modi®ed. If no ®les are speci®ed, chatr returns decimal 255.

Illegal options

For PA32 chatr, if you use an illegal option, chatr returns the number of words in the command line. For example,

chatr +b enable +xyz enable returns 5 (because of illegal option +xyz).

chatr +b enable +xyz enable +mno file1 file2 returns 8.

For PA64 chatr, if you use an illegal option, chatr returns the number of non-option words present after the ®rst illegal option.

chatr +b enable +xyz enable +mno enable +pqr enable file returns 4.

Invalid arguments

If you use an invalid argument with a valid option and you do not specify a ®lename, both PA32 and PA64 chatr return 0.

chatr +b <no argument> returns 0.

For PA32 chatr, if you specify a ®le name (regardless of whether or not the ®le exists), chatr returns number of words in the command line.

chatr +b <no argument> file returns 4.

For PA64 chatr, if you specify a ®le name (regardless of whether or not the ®le exists), chatr returns the number of ®les speci®ed.

chatr +b <no argument> file1 file2 file3 returns 3.

c

HP-UX Release 11i: December 2000

− 5 −

Section 177