Executable space protection
From Wikipedia, the free encyclopedia
In computer security, executable space protection is the marking of memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It often makes use of hardware features such as the NX bit. Implementations for Linux include PaX, Exec Shield, and Openwall. OpenBSD features W^X.
Microsoft Windows' Data Execution Prevention requires some care. The hardware-enforced version, which uses the NX bit mentioned above, does protect against execution of code in data buffers. Although the name "software-enforced Data Execution Prevention" sounds similar, it does not prevent that type of attack (buffer overflow). Instead, it protects against another specific type of attack (SEH handler overwrite) that occurred one time only and has never repeated.
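An added example, not part of the original article or of any project named in it: on Linux, whether a region is marked non-executable shows up in the permission column of /proc/<pid>/maps, so a process can be audited for mappings that are both writable and executable and for an executable stack or heap. The struct and function names and both sample maps are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
struct nx_audit {
    int regions;     /* mappings parsed */
    int wx;          /* mappings both writable and executable (W^X violations) */
    int exec_stack;  /* 1 if [stack] is executable */
    int exec_heap;   /* 1 if [heap] is executable */
};

/* Audit Linux /proc/<pid>/maps text: "start-end perms offset dev inode [path]". */
static struct nx_audit audit_maps(const char *text)
{
    struct nx_audit a = {0, 0, 0, 0};
    for (const char *line = text, *nl; line && *line; line = nl ? nl + 1 : NULL) {
        char buf[512], perms[5] = "";
        unsigned long long start, end;
        nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (sscanf(buf, "%llx-%llx %4s", &start, &end, perms) == 3 && perms[3]) {
            int x = (perms[2] == 'x');   /* perms look like "rw-p" or "r-xp" */
            a.regions++;
            if (perms[1] == 'w' && x) a.wx++;
            if (x && strstr(buf, "[stack]")) a.exec_stack = 1;
            if (x && strstr(buf, "[heap]")) a.exec_heap = 1;
        }
    }
    return a;
}

/* Constructed sample: stack and heap mapped without execute permission. */
static const char SAMPLE_PROTECTED[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffc1a2b0000-7ffc1a2d1000 rw-p 00000000 00:00 0 [stack]\n";
/* Constructed sample: executable stack plus an anonymous rwx mapping. */
static const char SAMPLE_EXPOSED[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0\n"
    "7ffc1a2b0000-7ffc1a2d1000 rwxp 00000000 00:00 0 [stack]\n";

int main(void)
{
    struct nx_audit p = audit_maps(SAMPLE_PROTECTED), e = audit_maps(SAMPLE_EXPOSED);
    printf("protected: wx=%d exec_stack=%d\n", p.wx, p.exec_stack);
    printf("exposed:   wx=%d exec_stack=%d\n", e.wx, e.exec_stack);
    return 0;
}
```

To audit a live process, pass the contents of its /proc/<pid>/maps file to `audit_maps` instead of the samples.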
References
- Microsoft's Non Existing Software Data Execution Prevention
- NetBSD: Non-executable stack and heap