From Wikipedia, the free encyclopedia
Jump to: navigation, search

W^X ("Write XOR Execute"; spoken as double-u ex-or ex[1]) is the name of a security feature present in the OpenBSD operating system. It is a memory protection policy whereby every page in a process' address space is either writable or executable, but not both simultaneously. The name comes from the XOR Boolean operator which outputs 'true' only when the two operands are complements; 'true' and 'false', or 'false' and 'true'. W^X does not prevent these permissions from being requested by applications, write and executable permissions are not used as a matter of policy. The OpenBSD base system has been modified to comply with it. This alleviates some buffer overflow attacks, including the most common stack-based attack: by ensuring that the stack is not executable, arbitrary code injected into it will not execute but instead cause the program to terminate. W^X first appeared in OpenBSD 3.3, released May 2003. Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.

W^X is relatively simple on processors which support fine-grained page permissions, such as Sun's SPARC and SPARC64, AMD's AMD64, Hewlett-Packard's PA-RISC, and HP's (originally Digital Equipment Corporation's) Alpha; some early Intel 64 processors lacked the NX bit required for W^X, but this appeared in later chips. On processors with more limited features, such as the Intel i386, W^X requires using the CS code segment limit as a "line in the sand", a point in the address space above which execution is not permitted and data is located, and below which it is allowed and executable pages are placed.[2] On all platforms, linker changes were required to separate code (such as trampolines and other code needed for linker and library runtime functions) and data.

See also[edit]


  1. ^ OpenBSD 3.3 release notes
  2. ^ "i386 W^X". 2003-04-17. Retrieved 19 June 2014. 

External links[edit]