W^X - The Mechanism Many bugs are exploitable because the address space contains memory that is both writeable and executable (permissions = W | X) A serious hinderance would be to ensure no pages have W | X permission We call this W ^ X (W xor X) Architectures, in the sequence implemented: sparc, sparc64, alpha, amd64, (ia64) per-page X bit i386 code segment limit powerpc per-segment X bit (not yet done) hppa per-page X bit vax, m68k not possible mips, arm not possible yet (tlb hacks?) (m88k) per-page X bit (not done yet) Binary changes are required for i386 or powerpc Note: Some modern cpus lack per-page X bits. Using model-specific TLB handling (often undocumented) it may be possible to do this. Sometimes this has significant performance consequences.