W^X
== Compatibility ==
Some early [[Intel 64]] processors lacked the [[NX bit]] required for W^X, but this appeared in later chips. On more limited processors such as the [[Intel]] [[i386]], W^X requires using the CS [[code segment]] limit as a "[[line in the sand]]", a point in the address space above which execution is not permitted and data is located, and below which it is allowed and executable pages are placed. This scheme was used in [[Exec Shield]].<ref>{{cite web|title=i386 W^X|url=http://marc.info/?l=openbsd-misc&m=105056000801065| date= 2003-04-17 |access-date=19 June 2014}}</ref>

[[Linker (computing)|Linker]] changes are generally required to separate data from code (such as [[trampoline (computers)|trampoline]]s that are needed for linker and [[library (computer science)|library]] [[run-time system|runtime]] functions). The switch allowing mixing is usually called <code>execstack</code> on Unix-like systems.<ref>{{man|8|execstack|ManKier}}</ref>

W^X can also pose a minor problem for [[just-in-time compilation]], which involves an interpreter generating machine code on the fly and then running it. The simple solution used by most, historically including [[Firefox]], involves just making the page executable after the interpreter is done writing machine code, using {{code|VirtualProtect}} on Windows or {{code|mprotect}} on Unix-like operating systems. The other solution involves mapping the same region of memory to two pages, one with RW and the other with RX.<ref name=firefox/>

There is no simple consensus on which solution is safer. Supporters of the latter approach believe that allowing a page that has ever been writable to be executed defeats the point of W^X (there exists an [[SELinux]] policy to control such operations called {{code|allow_execmod}}) and that [[address space layout randomization]] would make it safe to put both pages in the same process. Supporters of the former approach believe that the latter approach is only safe when the two pages are given to two separate processes, and that [[inter-process communication]] would be costlier than calling {{code|mprotect}}.
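
The two JIT strategies described above, as an added example in C for Linux (not part of the original article and not code from Firefox or any other project). The function names <code>jit_flip</code> and <code>jit_dual</code>, the sample bytes, and the use of a memfd as the shared memory object are assumptions of this example; the bytes are only copied and compared, never executed.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed stand-in for JIT output; it is copied, never executed. */
static const uint8_t sample_code[] = { 0x90, 0x90, 0x90, 0xc3 };

/* Approach 1: one mapping, RW while emitting, then flipped to RX.
 * Never W and X at once, but a once-writable page becomes executable.
 * len must be at least sizeof sample_code. Returns 0 on success. */
int jit_flip(size_t len)
{
    uint8_t *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, sample_code, sizeof sample_code);        /* emit while RW */
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC);  /* W dropped, X added */
    munmap(p, len);
    return rc;
}

/* Approach 2: one memory object mapped twice, as an RW view and an RX view.
 * Returns 0 if bytes written through the RW view appear in the RX view. */
int jit_dual(size_t len)
{
    /* Raw syscall: builds even where libc lacks a memfd_create() wrapper. */
    int fd = (int)syscall(SYS_memfd_create, "jit-example", 0);
    if (fd < 0) return -1;
    int rc = -1;
    uint8_t *w = MAP_FAILED, *x = MAP_FAILED;
    if (ftruncate(fd, (off_t)len) == 0) {
        w = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        x = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    }
    close(fd);  /* the mappings keep the object alive */
    if (w != MAP_FAILED && x != MAP_FAILED) {
        memcpy(w, sample_code, sizeof sample_code);  /* emit via RW view */
        rc = (w != x && memcmp(x, sample_code, sizeof sample_code) == 0) ? 0 : -1;
    }
    if (w != MAP_FAILED) munmap(w, len);
    if (x != MAP_FAILED) munmap(x, len);
    return rc;
}

int main(void) { return (jit_flip(4096) == 0 && jit_dual(4096) == 0) ? 0 : 1; }
```

In <code>jit_dual</code> neither view is ever both writable and executable, but both addresses live in the same process, which is the point the two camps above disagree on.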