
W^X Mechanism (continued..)


In summary, to get to W^X on cpus supporting a per-page X bit:

Sigtramp moves out of the stack
GOT/PLT becomes non-writeable (moved into own pages)
dtor/ctor becomes non-writeable (moved into other pages)

But the i386 needs:

Code segment limit set at 512MB
All executable parts moved below, all writeable parts moved above

powerpc:

Similar tricks as the i386, but more complicated
... but not yet written

Maybe W^X inside the kernel, in the future? :)

IMPROVES PERFORMANCE: 	Some architectures sped up (due to TLB colouring)
IMPROVES SECURITY:		Even partial W^X finds software bugs
VERY LOW COST:		All OS vendors should be heading in this direction

