$AUUGid: www/data/events/2004/auug2004/theo/mgp00008.txt,v 1.1 2004/09/04 08:42:51 davidp Exp $

W^X - The Mechanism


Many bugs are exploitable because the address space has memory
that is both writeable and executable (permissions = W | X)


Note this location has to be executable

We could make the stack non-executable...

Can we... do better?

How about a generic policy for the whole
address space:
    A page may be either writeable or
    executable, but not both (unless
    application requested...)


We will call this policy

        W ^ X  (W xor X)