W^X
W^X ("Write XOR Execute"; spoken as W xor X[1]) is the name of a security feature in operating systems and virtual machines. It is a memory protection policy whereby every page in a process's address space is either writable or executable, but not both simultaneously. The name comes from the XOR Boolean operator, which outputs 'true' only when exactly one of its operands is true. For a program to comply with the policy, it may need to be modified. W^X does not prevent applications from requesting WX (both writable and executable permissions at the same time for the same memory); WX permissions simply are not used as a matter of policy. The policy alleviates some buffer overflow attacks, including the most common stack-based attack: by ensuring that the stack is not executable, arbitrary code injected into it will not execute but instead cause the program to terminate.
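The two sides of the policy, as an added example that is not part of the original article: a check of whether a requested protection set violates W^X, the compliant two-step allocation a JIT uses under W^X (write the page first, then flip it to execute-only so no page is ever writable and executable at once), and an audit routine that counts rwx mappings in Linux /proc/<pid>/maps text. The maps sample is constructed for the example, and the helper names are the example's own, not an API from OpenBSD, PaX or Firefox.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Non-zero if a protection set has both W and X, i.e. violates W^X. */
int violates_wx(int prot) {
    return (prot & PROT_WRITE) && (prot & PROT_EXEC);
}

/* Count lines of /proc/<pid>/maps-format text whose permission field is "rwx".
 * Takes the text rather than a pid so it can be run over a saved or constructed sample.
 * Each line looks like "start-end perms offset dev inode path"; perms follows the first space. */
int count_rwx_mappings(const char *maps_text) {
    int count = 0;
    const char *line = maps_text;
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        const char *sp = memchr(line, ' ', len);
        /* Need the three permission letters r, w, x to lie inside this line. */
        if (sp && (size_t)(sp - line) + 4 <= len &&
            sp[1] == 'r' && sp[2] == 'w' && sp[3] == 'x') {
            count++;
        }
        line = nl ? nl + 1 : NULL;
    }
    return count;
}

/* Audit the calling process itself. Returns the rwx count, or -1 where /proc is unavailable. */
int scan_self_for_rwx(void) {
    static char buf[1 << 16];          /* assumption: maps text fits in 64 KiB for this demo */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return count_rwx_mappings(buf);
}

/* The W^X-compliant way to produce executable memory: map RW, fill it, then
 * mprotect to RX. At no point does the page hold both W and X.
 * Returns 0 on success; negative codes identify the failing step. */
int jit_style_transition(void) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) return -1;
    unsigned char *page = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    if (violates_wx(PROT_READ | PROT_WRITE)) { munmap(page, (size_t)pg); return -2; }
    memset(page, 0x90, (size_t)pg);    /* filler bytes standing in for generated code; never executed here */
    /* Flip to execute-only; writes are refused from this point and nothing here runs the page. */
    if (mprotect(page, (size_t)pg, PROT_READ | PROT_EXEC) != 0) { munmap(page, (size_t)pg); return -3; }
    if (violates_wx(PROT_READ | PROT_EXEC)) { munmap(page, (size_t)pg); return -2; }
    return munmap(page, (size_t)pg) == 0 ? 0 : -4;
}

/* Constructed sample in /proc/<pid>/maps format: one anonymous rwx region among compliant ones. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234   /usr/bin/example\n"
    "00651000-00652000 rw-p 00051000 08:01 1234   /usr/bin/example\n"
    "7f3a2c000000-7f3a2c021000 rwxp 00000000 00:00 0\n"
    "7ffc5a1f0000-7ffc5a211000 rw-p 00000000 00:00 0   [stack]\n";

int main(void) {
    printf("rwx regions in sample: %d\n", count_rwx_mappings(SAMPLE_MAPS));
    printf("rwx regions in this process: %d\n", scan_self_for_rwx());
    printf("RW -> RX transition: %s\n", jit_style_transition() == 0 ? "ok" : "failed");
    return 0;
}
```

On a W^X-enforcing system the RW request and the later RX request both pass `violates_wx`, whereas a single `mmap(..., PROT_READ | PROT_WRITE | PROT_EXEC, ...)` would not; the maps audit is the corresponding after-the-fact check, since any rwx line means a page exists that the policy is meant to rule out.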
W^X is relatively simple on processors which support fine-grained page permissions, such as Sun's SPARC and SPARC64, AMD's AMD64, Hewlett-Packard's PA-RISC, and HP's (originally Digital Equipment Corporation's) Alpha; some early Intel 64 processors lacked the NX bit required for W^X, but this appeared in later chips. On processors with more limited features, such as the Intel i386, W^X requires using the CS code segment limit as a "line in the sand", a point in the address space above which execution is not permitted and data is located, and below which it is allowed and executable pages are placed.[2] On all platforms, linker changes were required to separate code (such as trampolines and other code needed for linker and library runtime functions) and data.
History
W^X first appeared in OpenBSD 3.3, released May 2003. Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.
Although this feature has only protected userland programs for most of its existence, in late 2014 and early 2015, Mike Larkin made W^X protect the OpenBSD kernel itself on the AMD64 architecture, with Theo de Raadt aiding the effort. [3]
Since 2016, with Firefox 46, its virtual machine for JavaScript also implements the W^X policy.[4]
References
1. OpenBSD 3.3 release notes.
2. "i386 W^X". 2003-04-17. Retrieved 19 June 2014.
3. "W^X protection for the AMD64 kernel".
4. "W^X JIT-code enabled in Firefox". Retrieved 2016-04-29.
External links
- OpenBSD-3.3 announcement, public release of W^X
- Slides from a presentation by OpenBSD lead developer Theo de Raadt covering W^X