
W^X - The Mechanism


Many bugs are exploitable because the address space contains memory that
is both writeable and executable (permissions = W | X)

A serious hinderance would be to ensure no pages have W | X permission

We call this W ^ X  (W xor X)

Architectures, in the sequence implemented:

sparc, sparc64, alpha  per-page X bit
i386                   code segment limit
powerpc                per-segment X bit (not yet done)
hppa                   per-page X bit
vax, m68k              not possible
mips                   not possible yet (tlb hacks?)
m88k                   per-page X bit (not done yet)

Binary changes are required for i386 or powerpc

Note: Some modern cpus lack per-page X bits.  Using model-specific
           TLB handling (often undocumented) it may be possible to do this.
           Sometimes this has significant performance consequences.

