W^X ("Write XOR Execute"; spoken as W xor X) is a security feature in operating systems and virtual machines. It is a memory protection policy whereby every page in a process's or kernel's address space may be either writable or executable, but not both. Without such protection, a program can write (as data) CPU instructions in an area of memory intended for data and then arrange to run (as executable) those instructions. This can be dangerous if the writer of the memory is malicious.

W^X is relatively simple on processors which support fine-grained page permissions, such as Sun's SPARC and SPARC64, AMD's AMD64, Hewlett-Packard's PA-RISC, HP's (originally Digital Equipment Corporation's) Alpha, and ARM.

Some early Intel 64 processors lacked the NX bit required for W^X, but this appeared in later chips. On processors with more limited features, such as the Intel i386, W^X requires using the CS code segment limit as a "line in the sand", a point in the address space above which execution is not permitted and data is located, and below which it is allowed and executable pages are placed.[1]

Linker changes are generally required to separate code (such as trampolines and other code needed for linker and library runtime functions) and data.


W^X was first implemented in OpenBSD 3.3, released May 2003. In 2004, Microsoft introduced a similar feature called DEP (Data Execution Prevention) in Windows XP. Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD's implementation of PaX.

Although W^X (or DEP) has only protected userland programs for most of its existence, in 2012 Microsoft extended it to the Windows kernel on the x86 and ARM architectures.[2] In late 2014 and early 2015, W^X was added in the OpenBSD kernel on the AMD64 architecture.[3] In early 2016, W^X was fully implemented on NetBSD's amd64 kernel, and partially on the i386 kernel.

Since 2016, with Firefox 46, its virtual machine for JavaScript also implements the W^X policy.[4]

See also


  1. ^ "i386 W^X". 2003-04-17. Retrieved 2014.
  2. ^ "Exploit mitigation improvements in Win8".
  3. ^ "W^X protection for the AMD64 kernel".
  4. ^ "W^X JIT-code enabled in Firefox". Retrieved .

External links

  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.



Connect with defaultLogic
What We've Done
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.

Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.

  Contact Us