Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
W^X
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== History == W^X was first implemented in [[OpenBSD]] 3.3, released May 2003. In 2004, Microsoft introduced a similar feature called DEP ([[Data Execution Prevention]]) in [[Microsoft Windows|Windows]] XP. Similar features are available for other operating systems, including the [[PaX]] and [[Exec Shield]] patches for [[Linux]], and [[NetBSD]]'s implementation of PaX. In [[Red Hat Enterprise Linux]] (and automatically [[CentOS]]) version 5, or by Linux Kernel 2.6.18-8, [[SELinux]] received the {{code|allow_execmem}}, {{code|allow_execheap}}, and {{code|allow_execmod}} policies that provide W^X when disabled. Although W^X (or DEP) has only protected userland programs for most of its existence, in 2012 Microsoft extended it to the Windows kernel on the x86 and ARM architectures.<ref>{{cite web|title=Exploit mitigation improvements in Win8|url=https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Miller2}}</ref> In late 2014 and early 2015, W^X was added in the OpenBSD kernel on the AMD64 architecture.<ref>{{cite web|title=W^X protection for the AMD64 kernel| url= https://marc.info/?l=openbsd-tech&m=142120787308107&w=2}}</ref> In early 2016, W^X was fully implemented on NetBSD's AMD64 kernel and partially on the i386 kernel. [[macOS]] computers running on [[Apple silicon]] processors enforce W^X for all programs. Intel-based Macs enforce the policy only for programs that use the OS's Hardened Runtime mode.<ref>{{Cite web |title=Porting Just-In-Time Compilers to Apple Silicon |url=https://developer.apple.com/documentation/apple-silicon/porting-just-in-time-compilers-to-apple-silicon |access-date=2022-04-17 |website=developer.apple.com}}</ref><ref>{{Cite web |date=2020-07-17 |title=ARM Macs FAQ |url=https://www.securemac.com/news/arm-macs-faq |access-date=2022-04-17 |publisher=SecureMac |language=en}}</ref> Starting with [[Firefox]] 46 in 2016 and ending with [[Firefox]] 116 in 2023, Firefox's virtual machine for [[JavaScript]] implemented the W^X policy.<ref name=firefox>{{cite web|title=W^X JIT-code enabled in Firefox| url = http://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox |access-date=2016-04-29}}</ref> This was later rolled back on some platforms for performance reasons, though remained in others which enforce W^X for all programs.<ref>{{cite web |title=1835876 - Consider disabling code memory protection in the content process |url=https://bugzilla.mozilla.org/show_bug.cgi?id=1835876 |website=bugzilla.mozilla.org |publisher=Mozilla |access-date=1 July 2024 |language=en-us}}</ref> Starting with .NET 6.0 in 2021, .NET now uses W^X.<ref name=":0">{{cite web |title=What's new in .NET 6 |url=https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-6#security |website=docs.microsoft.com |publisher=Microsoft |access-date=9 November 2021 |language=en-us}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)