| | |
|---|---|
| author | 2012-04-02 17:49:58 +0200 |
| committer | 2012-04-02 17:49:58 +0200 |
| commit | 003edd746c8f73e9b9aa7e947dcb1e153a8f97ba |
| tree | a58081501b0b3723c00f7d6f5d4abd4d138eb21e /html/revdep-pax.html |
| parent | WIP on the revdep-pax guide |
Updating previews
Diffstat (limited to 'html/revdep-pax.html')
-rw-r--r-- | html/revdep-pax.html | 679 |
1 files changed, 679 insertions, 0 deletions
diff --git a/html/revdep-pax.html b/html/revdep-pax.html new file mode 100644 index 0000000..ee4e6d4 --- /dev/null +++ b/html/revdep-pax.html 
@@ -0,0 +1,679 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> +<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css"> +<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon"> +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website"> +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums"> +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla"> +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages"> +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives"> +<title>Gentoo Linux Documentation +-- + Gentoo revdep-pax introduction</title> +</head> +<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0"> +<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> +<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr> +<td width="99%" class="content" valign="top" align="left"> +<br><h1>Gentoo revdep-pax introduction</h1> +<form name="contents" action="http://www.gentoo.org"> +<b>Content</b>: + <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option 
value="#doc_chap1">1. What's revdep-pax about?</option> +<option value="#doc_chap2">2. Using revdep-pax</option> +<option value="#doc_chap3">3. Listing PaX Flags and Capabilities</option> +<option value="#doc_chap4">4. Programming with ELF files</option></select> +</form> +<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1. + </span>What's revdep-pax about?</p> +<p class="secthead"><a name="doc_chap1_sect1">A quick introduction to PaX markings.</a></p> +<p> +There are some programs which won't be able to run in an environment with all +the PaX features enabled, for example you may have a program which has so called +<span class="emphasis">text relocations</span> or you may have a language interpreter doing JIT code +compilation and requiring <span class="emphasis">RWX</span> mappings you may also have a program that +saves data including internal pointers into an mmaped file and which needs to be +restored in the same place no matter what. You could also be holding a security +competition and need to disable the execution restrictions and force it to +use fixed addresses on a particular program so it can be exploited doing a +simple nop sled based stack overflow to get to the next level. For taking into +account these issues binaries can be marked to force on or off some of the PaX +features. +</p> +<p> +Currently, the PaX features that can be lessened or enforced to allow programs +to run are: +</p> +<dl> + <dt><b>PAGEEXEC</b></dt> + <dd>Paging based execution restrictions. This is what other OSes know as + <span class="emphasis">NX</span>.</dd> + <dt><b>EMUTRAMP</b></dt> + <dd>Trampoline emulation. Required by for amongst other things code with + nested functions.</dd> + <dt><b>MPROTECT</b></dt> + <dd>Prevents the introduction of new executable code in the task. This is the + one you are more likely to need disabling with libraries generating JIT code. 
+ </dd> + <dt><b>RANDMMAP</b></dt> + <dd>Randomizes the addresses where mappings are made unless the program + explicitly requests one (using the MAP_FIXED flag).</dd> + <dt><b>RANDEXEC</b></dt> + <dd>This flag is currently deprecated and was used to enforce random placement + of the executable part of the binary.</dd> + <dt><b>SEGMEXEC</b></dt> + <dd>This flag enables segmentation based execution protection. This feature is + not available on the amd64 architecture so in that architecture is disables by + default.</dd> +</dl> +<p> +There are various ways in which this advice to lessen the environment can be +provided to the system, amongst others Mandatory Access Control rules, extended +attributes and two kinds of markings on the binaries themselves, the legacy ones +which abuse an unused field in the ELF headers and the new ones which add a new +specific section to the ELF file with the markings. +</p> +<p> +All this markings though are only read in the executable and not in the +libraries linked by it to prevent some possible attacks (like libraries being +injected via LD_PRELOAD) and because it eases a lot the implementation since the +kernel shouldn't be aware of linking details. +</p> +<p> +This system has a problem: if we have a binary linking to a library which +requires, for example, trampoline emulation because it uses nested functions how +can we make sure the binary gets the propper markings? Yeah we could add PaX +marks to the library to state it needs trampoline emulation but still we haven't +fixed the issue since the kernel will only read the marks on the binary being +called. In order to solve this issue we have created <span class="code" dir="ltr">revdep-pax</span>. 
+</p> +<p class="secthead"><a name="doc_chap1_sect2">What's revdep-pax?</a></p> +<p> +<span class="code" dir="ltr">revdep-pax</span> is a tool that allows to check for differences in PaX markings +between elf objects linking to libraries (for example <span class="path" dir="ltr">/bin/bash</span>) +and the libraries themselves (for example <span class="path" dir="ltr">/lib64/libc.so.6</span>). +</p> +<p> +<span class="code" dir="ltr">revdep-pax</span> is able to do this in various ways, it can check for +differences <span class="emphasis">forward</span> from one binary to all the libraries it links and it +can also check for PaX marking differences <span class="emphasis">backwards</span> from one library to +all the binaries linking to it (which may include other libraries too). In a +similar way it is possible to have all the forward and reverse mappings in the +system checked to try finding issues. +</p> +<p> +<span class="code" dir="ltr">revdep-pax</span> is also able to propagate these markings both forward to the +libraries linked by an object and backwards to the objects linked by a library. +</p> +<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2. + </span>Using revdep-pax</p> +<p class="secthead"><a name="doc_chap2_sect1">Propagating PaX marks backwards from a library to objects that link at it +</a></p> +<p> +This is going to be probably the main way in which you are going to use this +utility. What it does is check all the libraries linked statically +The <span class="code" dir="ltr">scanelf</span> application is part of the <span class="code" dir="ltr">app-misc/pax-utils</span> package. +With this application you can print out information specific to the ELF +structure of a binary. The following table sums up the various options. 
+</p> +<table class="ntable"> +<tr> + <td class="infohead"><b>Option</b></td> + <td class="infohead"><b>Long Option</b></td> + <td class="infohead"><b>Description</b></td> +</tr> +<tr> + <td class="tableinfo">-p</td> + <td class="tableinfo">--path</td> + <td class="tableinfo">Scan all directories in PATH environment</td> +</tr> +<tr> + <td class="tableinfo">-l</td> + <td class="tableinfo">--ldpath</td> + <td class="tableinfo">Scan all directories in /etc/ld.so.conf</td> +</tr> +<tr> + <td class="tableinfo">-R</td> + <td class="tableinfo">--recursive</td> + <td class="tableinfo">Scan directories recursively</td> +</tr> +<tr> + <td class="tableinfo">-m</td> + <td class="tableinfo">--mount</td> + <td class="tableinfo">Don't recursively cross mount points</td> +</tr> +<tr> + <td class="tableinfo">-y</td> + <td class="tableinfo">--symlink</td> + <td class="tableinfo">Don't scan symlinks</td> +</tr> +<tr> + <td class="tableinfo">-A</td> + <td class="tableinfo">--archives</td> + <td class="tableinfo">Scan archives (.a files)</td> +</tr> +<tr> + <td class="tableinfo">-L</td> + <td class="tableinfo">--ldcache</td> + <td class="tableinfo">Utilize ld.so.cache information (use with -r/-n)</td> +</tr> +<tr> + <td class="tableinfo">-X</td> + <td class="tableinfo">--fix</td> + <td class="tableinfo">Try and 'fix' bad things (use with -r/-e)</td> +</tr> +<tr> + <td class="tableinfo">-z [arg]</td> + <td class="tableinfo">--setpax [arg]</td> + <td class="tableinfo">Sets EI_PAX/PT_PAX_FLAGS to [arg] (use with -Xx)</td> +</tr> +<tr> + <td class="infohead"><b>Option</b></td> + <td class="infohead"><b>Long Option</b></td> + <td class="infohead"><b>Description</b></td> +</tr> +<tr> + <td class="tableinfo">-x</td> + <td class="tableinfo">--pax</td> + <td class="tableinfo">Print PaX markings</td> +</tr> +<tr> + <td class="tableinfo">-e</td> + <td class="tableinfo">--header</td> + <td class="tableinfo">Print GNU_STACK/PT_LOAD markings</td> +</tr> +<tr> + <td class="tableinfo">-t</td> + <td 
class="tableinfo">--textrel</td> + <td class="tableinfo">Print TEXTREL information</td> +</tr> +<tr> + <td class="tableinfo">-r</td> + <td class="tableinfo">--rpath</td> + <td class="tableinfo">Print RPATH information</td> +</tr> +<tr> + <td class="tableinfo">-n</td> + <td class="tableinfo">--needed</td> + <td class="tableinfo">Print NEEDED information</td> +</tr> +<tr> + <td class="tableinfo">-i</td> + <td class="tableinfo">--interp</td> + <td class="tableinfo">Print INTERP information</td> +</tr> +<tr> + <td class="tableinfo">-b</td> + <td class="tableinfo">--bind</td> + <td class="tableinfo">Print BIND information</td> +</tr> +<tr> + <td class="tableinfo">-S</td> + <td class="tableinfo">--soname</td> + <td class="tableinfo">Print SONAME information</td> +</tr> +<tr> + <td class="tableinfo">-s [arg]</td> + <td class="tableinfo">--symbol [arg]</td> + <td class="tableinfo">Find a specified symbol</td> +</tr> +<tr> + <td class="tableinfo">-k [arg]</td> + <td class="tableinfo">--section [arg]</td> + <td class="tableinfo">Find a specified section</td> +</tr> +<tr> + <td class="tableinfo">-N [arg]</td> + <td class="tableinfo">--lib [arg]</td> + <td class="tableinfo">Find a specified library</td> +</tr> +<tr> + <td class="tableinfo">-g</td> + <td class="tableinfo">--gmatch</td> + <td class="tableinfo">Use strncmp to match libraries. 
(use with -N)</td> +</tr> +<tr> + <td class="tableinfo">-T</td> + <td class="tableinfo">--textrels</td> + <td class="tableinfo">Locate cause of TEXTREL</td> +</tr> +<tr> + <td class="tableinfo">-E [arg]</td> + <td class="tableinfo">--etype [arg]</td> + <td class="tableinfo">Print only ELF files matching etype ET_DYN,ET_EXEC ...</td> +</tr> +<tr> + <td class="tableinfo">-M [arg]</td> + <td class="tableinfo">--bits [arg]</td> + <td class="tableinfo">Print only ELF files matching numeric bits</td> +</tr> +<tr> + <td class="tableinfo">-a</td> + <td class="tableinfo">--all</td> + <td class="tableinfo">Print all scanned info (-x -e -t -r -b)</td> +</tr> +<tr> + <td class="infohead"><b>Option</b></td> + <td class="infohead"><b>Long Option</b></td> + <td class="infohead"><b>Description</b></td> +</tr> +<tr> + <td class="tableinfo">-q</td> + <td class="tableinfo">--quiet</td> + <td class="tableinfo">Only output 'bad' things</td> +</tr> +<tr> + <td class="tableinfo">-v</td> + <td class="tableinfo">--verbose</td> + <td class="tableinfo">Be verbose (can be specified more than once)</td> +</tr> +<tr> + <td class="tableinfo">-F [arg]</td> + <td class="tableinfo">--format [arg]</td> + <td class="tableinfo">Use specified format for output</td> +</tr> +<tr> + <td class="tableinfo">-f [arg]</td> + <td class="tableinfo">--from [arg]</td> + <td class="tableinfo">Read input stream from a filename</td> +</tr> +<tr> + <td class="tableinfo">-o [arg]</td> + <td class="tableinfo">--file [arg]</td> + <td class="tableinfo">Write output stream to a filename</td> +</tr> +<tr> + <td class="tableinfo">-B</td> + <td class="tableinfo">--nobanner</td> + <td class="tableinfo">Don't display the header</td> +</tr> +<tr> + <td class="tableinfo">-h</td> + <td class="tableinfo">--help</td> + <td class="tableinfo">Print this help and exit</td> +</tr> +<tr> + <td class="tableinfo">-V</td> + <td class="tableinfo">--version</td> + <td class="tableinfo">Print version and exit</td> +</tr> +</table> +<p> +The 
format specifiers for the <span class="code" dir="ltr">-F</span> option are given in the following table. +Prefix each specifier with <span class="code" dir="ltr">%</span> (verbose) or <span class="code" dir="ltr">#</span> (silent) accordingly. +</p> +<table class="ntable"> +<tr> + <td class="infohead"><b>Specifier</b></td> + <td class="infohead"><b>Full Name</b></td> + <td class="infohead"><b>Specifier</b></td> + <td class="infohead"><b>Full Name</b></td> +</tr> +<tr> + <td class="tableinfo">F</td> + <td class="tableinfo">Filename</td> + <td class="tableinfo">x</td> + <td class="tableinfo">PaX Flags</td> +</tr> +<tr> + <td class="tableinfo">e</td> + <td class="tableinfo">STACK/RELRO</td> + <td class="tableinfo">t</td> + <td class="tableinfo">TEXTREL</td> +</tr> +<tr> + <td class="tableinfo">r</td> + <td class="tableinfo">RPATH</td> + <td class="tableinfo">n</td> + <td class="tableinfo">NEEDED</td> +</tr> +<tr> + <td class="tableinfo">i</td> + <td class="tableinfo">INTERP</td> + <td class="tableinfo">b</td> + <td class="tableinfo">BIND</td> +</tr> +<tr> + <td class="tableinfo">s</td> + <td class="tableinfo">Symbol</td> + <td class="tableinfo">N</td> + <td class="tableinfo">Library</td> +</tr> +<tr> + <td class="tableinfo">o</td> + <td class="tableinfo">Type</td> + <td class="tableinfo">p</td> + <td class="tableinfo">File name</td> +</tr> +<tr> + <td class="tableinfo">f</td> + <td class="tableinfo">Base file name</td> + <td class="tableinfo">k</td> + <td class="tableinfo">Section</td> +</tr> +<tr> + <td class="tableinfo">a</td> + <td class="tableinfo">ARCH/e_machine</td> + <td class="tableinfo"></td> + <td class="tableinfo"></td> +</tr> +</table> +<p class="secthead"><a name="doc_chap2_sect2">Using scanelf for Text Relocations</a></p> +<p> +As an example, we will use <span class="code" dir="ltr">scanelf</span> to find binaries containing text +relocations. +</p> +<p> +A relocation is an operation that rewrites an address in a loaded segment. 
Such +an address rewrite can happen when a segment has references to a shared object +and that shared object is loaded in memory. In this case, the references are +substituted with the real address values. Similar events can occur inside the +shared object itself. +</p> +<p> +A text relocation is a relocation in the text segment. Since text segments +contain executable code, system administrators might prefer not to have these +segments writable. This is perfectly possible, but since text relocations +actually write in the text segment, it is not always feasible. +</p> +<p> +If you want to eliminate text relocations, you will need to make sure +that the application and shared object is built with <span class="emphasis">Position Independent +Code</span> (PIC), making references obsolete. This not only increases security, +but also increases the performance in case of shared objects (allowing writes in +the text segment requires a swap space reservation and a private copy of the +shared object for each application that uses it). 
+</p> +<p> +The following example will search your library paths recursively, without +leaving the mounted file system and ignoring symbolic links, for any ELF binary +containing a text relocation: +</p> +<a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: Scanning the system for text relocation binaries</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +# <span class="code-input">scanelf -lqtmyR</span> +</pre></td></tr> +</table> +<p> +If you want to scan your entire system for <span class="emphasis">any</span> file containing text +relocations: +</p> +<a name="doc_chap2_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.2: Scanning the entire system for text relocation files</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +# <span class="code-input">scanelf -qtmyR /</span> +</pre></td></tr> +</table> +<p class="secthead"><a name="doc_chap2_sect3">Using scanelf for Specific Header</a></p> +<p> +The scanelf util can be used to quickly identify files that contain a +given section header using the -k .section option. +</p> +<p> +In this example we are looking for all files in /usr/lib/debug +recursively using a format modifier with quiet mode enabled that have been +stripped. A stripped elf will lack a .symtab entry, so we use the '!' +to invert the matching logic. 
+</p> +<a name="doc_chap2_pre3"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.3: Scanning for stripped or non stripped executables</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +# <span class="code-input">scanelf -k '!.symtab' /usr/lib/debug -Rq -F%F#k</span> +</pre></td></tr> +</table> +<p class="secthead"><a name="doc_chap2_sect4">Using scanelf for Specific Segment Markings</a></p> +<p> +Each segment has specific flags assigned to it in the Program Header of the +binary. One of those flags is the type of the segment. Interesting values are +PT_LOAD (the segment must be loaded in memory from file), PT_DYNAMIC (the +segment contains dynamic linking information), PT_INTERP (the segment +contains the name of the program interpreter), PT_GNU_STACK (a GNU extension +for the ELF format, used by some stack protection mechanisms), and PT_PAX_FLAGS +(a PaX extension for the ELF format, used by the security-minded +<a href="http://pax.grsecurity.net/">PaX Project</a>. +</p> +<p> +If we want to scan all executables in the current working directory, PATH +environment and library paths and report those who have a writable and +executable PT_LOAD or PT_GNU_STACK marking, you could use the following command: +</p> +<a name="doc_chap2_pre4"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.4: Scanning for Write/eXecute flags for PT_LOAD and PT_GNU_STACK</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +# <span class="code-input">scanelf -lpqe .</span> +</pre></td></tr> +</table> +<p class="secthead"><a name="doc_chap2_sect5">Using scanelf's Format Modifier Handler</a></p> +<p> +A useful feature of the <span class="code" dir="ltr">scanelf</span> utility is the format modifier handler. 
+With this option you can control the output of <span class="code" dir="ltr">scanelf</span>, thereby +simplifying parsing the output with scripts. +</p> +<p> +As an example, we will use <span class="code" dir="ltr">scanelf</span> to print the file names that contain +text relocations: +</p> +<a name="doc_chap2_pre5"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.5: Example of the scanelf format modifier handler</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +# <span class="code-input">scanelf -l -p -R -q -F "%F #t"</span> +</pre></td></tr> +</table> +<p class="chaphead"><a name="pspax"></a><a name="doc_chap3"></a><span class="chapnum">3. + </span>Listing PaX Flags and Capabilities</p> +<p class="secthead"><a name="doc_chap3_sect1">About PaX</a></p> +<p> +<a href="http://pax.grsecurity.net">PaX</a> is a project hosted by the <a href="http://www.grsecurity.net">grsecurity</a> project. Quoting the <a href="http://pax.grsecurity.net/docs/pax.txt">PaX documentation</a>, its main +goal is "to research various defense mechanisms against the exploitation of +software bugs that give an attacker arbitrary read/write access to the +attacked task's address space. This class of bugs contains among others +various forms of buffer overflow bugs (be they stack or heap based), user +supplied format string bugs, etc." +</p> +<p> +To be able to benefit from these defense mechanisms, you need to run a Linux +kernel patched with the latest PaX code. The <a href="http://hardened.gentoo.org">Hardened Gentoo</a> project supports PaX and +its parent project, grsecurity. The supported kernel package is +<span class="code" dir="ltr">sys-kernel/hardened-sources</span>. +</p> +<p> +The Gentoo/Hardened project has a <a href="pax-quickstart.html">Gentoo PaX Quickstart Guide</a> +for your reading pleasure. 
+</p> +<p class="secthead"><a name="doc_chap3_sect2">Flags and Capabilities</a></p> +<p> +If your toolchain supports it, your binaries can have additional PaX flags in +their Program Header. The following flags are supported: +</p> +<table class="ntable"> +<tr> + <td class="infohead"><b>Flag</b></td> + <td class="infohead"><b>Name</b></td> + <td class="infohead"><b>Description</b></td> +</tr> +<tr> + <td class="tableinfo">P</td> + <td class="tableinfo">PAGEEXEC</td> + <td class="tableinfo"> + Refuse code execution on writable pages based on the NX bit + (or emulated NX bit) + </td> +</tr> +<tr> + <td class="tableinfo">S</td> + <td class="tableinfo">SEGMEXEC</td> + <td class="tableinfo"> + Refuse code execution on writable pages based on the + segmentation logic of IA-32 + </td> +</tr> +<tr> + <td class="tableinfo">E</td> + <td class="tableinfo">EMUTRAMP</td> + <td class="tableinfo"> + Allow known code execution sequences on writable pages that + should not cause any harm + </td> +</tr> +<tr> + <td class="tableinfo">M</td> + <td class="tableinfo">MPROTECT</td> + <td class="tableinfo"> + Prevent the creation of new executable code to the process + address space + </td> +</tr> +<tr> + <td class="tableinfo">R</td> + <td class="tableinfo">RANDMMAP</td> + <td class="tableinfo"> + Randomize the stack base to prevent certain stack overflow + attacks from being successful + </td> +</tr> +<tr> + <td class="tableinfo">X</td> + <td class="tableinfo">RANDEXEC</td> + <td class="tableinfo"> + Randomize the address where the application maps to prevent + certain attacks from being exploitable + </td> +</tr> +</table> +<p> +The default Linux kernel also supports certain capabilities, grouped in the +so-called <span class="emphasis">POSIX.1e Capabilities</span>. You can find a listing of those +capabilities in our <a href="capabilities.html">POSIX Capabilities</a> document. 
+</p> +<p class="secthead"><a name="doc_chap3_sect3">Using pspax</a></p> +<p> +The <span class="code" dir="ltr">pspax</span> application, part of the <span class="code" dir="ltr">pax-utils</span> package, displays the +run-time capabilities of all programs you have permission for. On Linux kernels +with additional support for extended attributes (such as SELinux) those +attributes are shown as well. +</p> +<p> +When ran, <span class="code" dir="ltr">pspax</span> shows the following information: +</p> +<table class="ntable"> +<tr> + <td class="infohead"><b>Column</b></td> + <td class="infohead"><b>Description</b></td> +</tr> +<tr> + <td class="tableinfo">USER</td> + <td class="tableinfo">Owner of the process</td> +</tr> +<tr> + <td class="tableinfo">PID</td> + <td class="tableinfo">Process id</td> +</tr> +<tr> + <td class="tableinfo">PAX</td> + <td class="tableinfo">Run-time PaX flags (if applicable)</td> +</tr> +<tr> + <td class="tableinfo">MAPS</td> + <td class="tableinfo">Write/eXecute markings for the process map</td> +</tr> +<tr> + <td class="tableinfo">ELF_TYPE</td> + <td class="tableinfo">Process executable type: ET_DYN or ET_EXEC</td> +</tr> +<tr> + <td class="tableinfo">NAME</td> + <td class="tableinfo">Name of the process</td> +</tr> +<tr> + <td class="tableinfo">CAPS</td> + <td class="tableinfo">POSIX.1e capabilities (see note)</td> +</tr> +<tr> + <td class="tableinfo">ATTR</td> + <td class="tableinfo">Extended attributes (if applicable)</td> +</tr> +</table> +<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> +<span class="code" dir="ltr">pspax</span> only displays these capabilities when it is linked with +the external capabilities library. This requires you to build <span class="code" dir="ltr">pax-utils</span> +with -DWANT_SYSCAP. +</p></td></tr></table> +<p> +By default, <span class="code" dir="ltr">pspax</span> does not show any kernel processes. 
If you want those +to be taken as well, use the <span class="code" dir="ltr">-a</span> switch. +</p> +<p class="chaphead"><a name="dumpelf"></a><a name="doc_chap4"></a><span class="chapnum">4. + </span>Programming with ELF files</p> +<p class="secthead"><a name="doc_chap4_sect1">The dumpelf Utility</a></p> +<p> +With the <span class="code" dir="ltr">dumpelf</span> utility you can convert a ELF file into human readable C +code that defines a structure with the same image as the original ELF file. +</p> +<a name="doc_chap4_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing4.1: dumpelf example</p></td></tr> +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> +$ <span class="code-input">dumpelf /bin/hostname</span> +#include <elf.h> + +<span class="code-comment">/* + * ELF dump of '/bin/hostname' + * 10276 (0x2824) bytes + */</span> + +struct { + Elf32_Ehdr ehdr; + Elf32_Phdr phdrs[8]; + Elf32_Shdr shdrs[26]; +} dumpedelf_0 = { + +.ehdr = { +<span class="code-comment">(... Output stripped ...)</span> +</pre></td></tr> +</table> +<br><p class="copyright"> + The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply. 
+ </p> +<!-- + <rdf:RDF xmlns="http://web.resource.org/cc/" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> + + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/"> + + <permits rdf:resource="http://web.resource.org/cc/Reproduction" /> + <permits rdf:resource="http://web.resource.org/cc/Distribution" /> + <requires rdf:resource="http://web.resource.org/cc/Notice" /> + <requires rdf:resource="http://web.resource.org/cc/Attribution" /> + <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" /> + <requires rdf:resource="http://web.resource.org/cc/ShareAlike" /> + </License> + </rdf:RDF> +--><br> +</td> +<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="klondike?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 19, 2012</p></td></tr> +<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> +This guide provides an introduction to revdep-pax and how to use it to propagate +the PaC markings caused by libraries requiring them, for example, libraries +requiring RWX memory in order to process JIT code. +</p></td></tr> +<tr><td align="left" class="topsep"><p class="alttext"> + <a href="mailto:klondike@gentoo.org" class="altlink"><b>Francisco Blas Izquierdo Riera</b></a> +<br><i>Author</i><br></p></td></tr> +<tr lang="en"><td align="center" class="topsep"> +<p class="alttext"><b>Donate</b> to support our development efforts. 
+ </p> +<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> +<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo"> +</form> +</td></tr> +<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr> +</table></td> +</tr></table></td></tr> +<tr><td colspan="2" align="right" class="infohead"> +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>. +</td></tr> +</table></body> +</html> |
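Review bot: the section "Propagating PaX marks backwards from a library to objects that link at it" (doc_chap2_sect1) breaks off mid-sentence at "What it does is check all the libraries linked statically" and runs straight into "The scanelf application is part of the app-misc/pax-utils package", after which the remainder of chapter 2 and all of chapters 3 and 4 document scanelf, pspax and dumpelf; a page titled "Gentoo revdep-pax introduction" that never shows a single revdep-pax invocation or option should not be published as a preview in this state. Either finish that section before regenerating html/revdep-pax.html or cut the pasted pax-utils material so the table of contents matches what the page actually covers. Smaller points in the same file: the SEGMEXEC entry reads "so in that architecture is disables by default" (should be "is disabled"), "propper markings" and the sidebar summary's "PaC markings" are typos, and "All this markings though are only read in the executable" should read "All these markings". Chapter 1 defines RANDMMAP as randomizing the addresses where mappings are made, while the chapter 3 flag table describes R/RANDMMAP as "Randomize the stack base"; the two descriptions should agree. Finally, the sidebar still says "Page updated February 19, 2012" although this commit is dated 2012-04-02; bump the date if the generator does not do it.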