W^X - The Mechanism


Many bugs are exploitable because the address space contains memory that
is both writeable and executable (permissions = W | X)

A serious hindrance would be to ensure no pages have W | X permission

We call this W ^ X  (W xor X)
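An added illustration of the W^X rule as an audit check, not part of the original slides: it classifies page permissions as writable, executable, or both, and scans a constructed, Linux-style `/proc/<pid>/maps` listing (assumed format; the sample lines are made up, not captured from a real process) for mappings that violate W^X.

```c
#include <stdio.h>
#include <string.h>

/* Permission bits, modelled on PROT_READ / PROT_WRITE / PROT_EXEC. */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

/* W^X: a page may be writable or executable, never both at once. */
int violates_wx(unsigned perms)
{
    return (perms & PERM_W) && (perms & PERM_X);
}

/* Parse an "rwxp"-style permission field (assumed Linux maps layout). */
unsigned parse_perms(const char *field)
{
    unsigned p = 0;
    if (field[0] == 'r') p |= PERM_R;
    if (field[1] == 'w') p |= PERM_W;
    if (field[2] == 'x') p |= PERM_X;
    return p;
}

/*
 * Walk newline-separated maps text, print every mapping that is both
 * writable and executable, and return how many were found.
 */
int count_wx_mappings(const char *maps)
{
    int hits = 0;
    const char *line = maps;

    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        char range[64], perms[8];

        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        /* First two fields: address range and permission string. */
        if (sscanf(buf, "%63s %7s", range, perms) == 2 &&
            violates_wx(parse_perms(perms))) {
            printf("W|X mapping: %s %s\n", range, perms);
            hits++;
        }
        line = nl ? nl + 1 : line + len;
    }
    return hits;
}

/* Constructed sample listing (hypothetical values, not a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00652000-00653000 rw-p 00052000 08:01 1234 /usr/bin/demo\n"
    "7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0 [anon JIT region]\n"
    "7ffd5e7d0000-7ffd5e7f1000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    int n = count_wx_mappings(SAMPLE_MAPS);
    printf("%d mapping(s) violate W^X\n", n);
    return n != 0;
}
```

Only the anonymous `rwxp` region is flagged; the text segment (`r-x`) and data/stack (`rw-`) each hold one of the two bits and satisfy the rule.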

Architectures, in the sequence implemented:

sparc, sparc64, alpha,
amd64, (ia64)                per-page X bit
i386                         code segment limit
powerpc                      per-segment X bit (not yet done)
hppa                         per-page X bit
vax, m68k                    not possible
mips, arm                    not possible yet (tlb hacks?)
(m88k)                       per-page X bit (not done yet)

Binary changes are required for i386 or powerpc

Note: Some modern cpus lack per-page X bits.  Using model-specific
      TLB handling (often undocumented) it may be possible to do this.
      Sometimes this has significant performance consequences.