Theo de Raadt wrote:
> W^X is more than just stack protection. It means that all pages that
> are writeable are also marked as not executable. At least, it means
> this is how the system by default operates, until some process asks
> for something that has both write and execute permission.
>
> On some architectures W^X is easy, since the native architecture has an
> execute-permitted bit per page (sparc, sparc64, alpha, hppa, m88k).
> On other architectures, it is difficult and various hacks have to be
> done to make it work (i386, powerpc).

It's not difficult at all on x86, but having non-overlapping segments for code and data/stack would limit the virtual address space. This doesn't matter if your machine is equipped with 2 GB (RAM+Pagefile) or less, because all pages of those 2 GB can completely be mapped to linear addresses in either the code or data/stack segment. As soon as there's more memory available, you have to decide how large the code and data/stack segment should be. Addressing more than 4 GB on x86 is an ugly hack anyways - PSE as well as PAE.

--
 * Origin: (2:2480/8057.2)
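An added example, not part of the original thread: a small C audit of the W^X rule quoted above, flagging any mapping that is both writable and executable. It assumes the Linux /proc/<pid>/maps text layout as input (the thread itself concerns OpenBSD); the sample map and the names wx_violation and count_wx are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps layout (assumption, not from the post). */
static const char SAMPLE_MAPS[] =
    "00400000-0040c000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "0060b000-0060c000 rw-p 0000b000 08:01 1234 /bin/demo\n"
    "7f10a000-7f10b000 rwxp 00000000 00:00 0 \n"
    "7ffd1000-7ffd3000 rwxp 00000000 00:00 0 [stack]\n"
    "garbage line\n";

/* 1 = mapping is writable AND executable (breaks W^X), 0 = fine, -1 = malformed. */
int wx_violation(const char *line)
{
    unsigned long start, end;
    char perms[5];

    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4 || end <= start)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Walk a whole maps buffer; return the number of W+X mappings found. */
int count_wx(const char *maps, int *malformed)
{
    int hits = 0;
    *malformed = 0;
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        char line[256];
        size_t n = len < sizeof line ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        int r = wx_violation(line);
        if (r == 1) { hits++; printf("W+X: %s\n", line); }
        else if (r < 0) (*malformed)++;
        maps += len;                 /* skip the line ... */
        if (*maps == '\n') maps++;   /* ... and its terminator */
    }
    return hits;
}

int main(void)
{
    int bad;
    int hits = count_wx(SAMPLE_MAPS, &bad);
    printf("%d W+X mapping(s), %d malformed line(s)\n", hits, bad);
    return hits != 0;   /* non-zero exit when the policy is violated */
}
```

Under a system that enforces W^X by default, such a scan should come back empty unless a process has explicitly asked for a mapping with both permissions.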