| PAXCTL(8) | System Manager's Manual | PAXCTL(8) | 
paxctl —
| paxctl | [ -0|flags]
      program ... | 
paxctl utility is used to list and manipulate PaX
  flags associated with an ELF program. The PaX flags signify to the loader the
  privilege protections to be applied to mapped memory pages, and fuller
  explanations of the specific protections can be found in the
  security(7) manpage.
If -0 option is specified, all PaX flags
    (including reserved bits) are cleared. Otherwise, each flag can be prefixed
    either with a “+” or a “-” sign to add or remove
    the flag, respectively.
The following flags are available:
To view existing flags on a file, execute
    paxctl without any flags.
paxctl utility first appeared in
  NetBSD 4.0.
The paxctl utility is modeled after a tool
    of the same name available for Linux from the PaX project.
paxctl utility currently uses
  elf(5) “note”
  sections to mark executables as having PaX flags enabled. This will be done
  using fileassoc(9) in the
  future so that we can control who does the marking and not altering the binary
  file signature. (Note this also means that at present any flags set do not
  survive binary file upgrades.)
| June 23, 2023 | NetBSD 10.1 |