
W^X - The Mechanism


Many bugs are exploitable because the address space has memory
that is both writeable and executable (permissions = W | X)


Note this location has to be executable

We could make the stack non-executable...

Can we... do better?

How about a generic policy for the whole
address space:
    A page may be either writeable or
    executable, but not both (unless
    application requested...)


We will call this policy

        W ^ X  (W xor X)

