This is paxctl for controlling PaX flags on a per binary basis. PaX is an intrusion prevention system that provides the best protection mechanisms against memory corruption bugs. Some applications are not compatible with certain features (due to design or bad engineering) and therefore they have to be exempted from certain enforcements. It is also possible to use PaX in soft mode where none of the protection mechanisms are active by default - here paxctl can be used to turn them on for selected programs (e.g., network daemons, programs that process network data such as mail clients, web browsers, etc). PaX is provided by a separate kernel patch, that you need to install manually. You can get it from: https://grsecurity.net/