Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
W^X
open-in-new
<p>W^X (write xor execute, pronounced <i>W <a href="/facts/Exclusive_or/FHyr7hGQ">xr</a> X</i>) is a security policy in <a href="/facts/Operating_system/8XTuvMh2">operating systems</a> and <a href="/facts/Software_framework/EWasA8sG">software frameworks</a>. It implements <a href="/facts/Executable_space_protection/WcI79ME5">executable space protection</a> by ensuring every <a href="/facts/Memory_page/CNGruG1H">memory page</a> (a fixed-size block in a program’s <a href="/facts/Virtual_address_space/ILxbMjgv">virtual address space</a>, the memory layout it uses) is either writable or <a href="/facts/Executable/VSst9eLA">executable</a>, but not both. Without such protection, a program can write (as data "W") CPU instructions in an area of memory intended for data and then run (as executable "X"; or read-execute "RX") those instructions. This can be dangerous if the writer of the memory is malicious. </p><p>The terminology was first introduced in 2003 for <a href="/facts/Unix-like/YAKrAxzd">Unix-like</a> systems, but is today also used by some multi-platform systems (such as <a href="/facts/.NET/PDMQdfFu">.NET</a>). Other operating systems have adopted similar policies under different names (e.g., <a href="/facts/Data_execution_prevention/WcI79ME5">DEP</a> in Windows). </p><p>In Unix, W^X is typically controlled via the <a href="/facts/Mprotect/3zDwN2SG">mprotect</a> system call. It is relatively simple on <a href="/facts/Processor_design/HeNbj78g">processor architectures</a> supporting fine-grained page permissions, such as <a href="/facts/SPARC/m7KhEtET">SPARC</a>, <a href="/facts/X86-64/cyWvUFlP">x86-64</a>, <a href="/facts/PA-RISC/gjDs1HEh">PA-RISC</a>, <a href="/facts/Alpha_(microprocessor)/4eN7LuXG">Alpha</a>, and <a href="/facts/ARM_architecture/SALsYA79">ARM</a>. </p><p>The term W^X has also been applied to file system write/execute permissions to mitigate file write vulnerabilities (as with in memory) and attacker persistence. Enforcing restrictions on file permissions can also close gaps in W^X enforcement caused by memory mapped files. Outright forbidding the usage of arbitrary native code can also mitigate kernel and CPU vulnerabilities not exposed via the existing code on the computer. A less intrusive approach is to lock a file for the duration of any mapping into executable memory, which suffices to prevent post-inspection bypasses. </p>