In computer security, executable space protection is the marking of memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit.
The Burroughs 5000 offered hardware support for executable space protection when it was introduced in 1961; that capability was retained in its successors at least through 2006. In its implementation of tagged architecture, each word of memory had an associated, hidden tag bit designating it code or data. Thus, user programs cannot write or even read a program word, and data words cannot be executed.
If an operating system can mark some or all writable regions of memory as non-executable, it may be able to prevent the stack and heap memory areas from being executable. This helps to prevent certain buffer overflow exploits from succeeding, particularly those that inject and execute code, such as the Sasser and Blaster worms. These attacks rely on some part of memory, usually the stack, being both writable and executable; if it is not, the attack fails.
Read more about Executable Space Protection: OS Implementations
Famous quotes containing the words space and/or protection:
“Not so many years ago there there was no simpler or more intelligible notion than that of going on a journey. Travel—movement through space—provided the universal metaphor for change.... One of the subtle confusions—perhaps one of the secret terrors—of modern life is that we have lost this refuge. No longer do we move through space as we once did.”
—Daniel J. Boorstin (b. 1914)
“Ah! how much a mother learns from her child! The constant protection of a helpless being forces us to so strict an alliance with virtue, that a woman never shows to full advantage except as a mother. Then alone can her character expand in the fulfillment of all life’s duties and the enjoyment of all its pleasures.”
—HonorĂ© De Balzac (1799–1850)