W^X - The Mechanism Many bugs are exploitable because the address space has memory that is both writeable and executable (permissions = W | X) Note this location has to be executable We could make the stack non-executable... Can we... do better? How about a generic policy for the whole address space: A page may be either writeable or executable, but not both (unless application requested...) We will call this policy W ^ X (W xor X)