From HackerNews

Revisiting: Stack pivot, W^X break – in the context of PixelSmash

A developer revisits a stack pivot and W^X enforcement issue, discussing its relevance to the PixelSmash vulnerability in OpenBSD's memory protection framework.

Background

- This is a technical discussion on the OpenBSD misc mailing list about "PixelSmash," a hypothetical or real vulnerability/exploit technique that involves breaking W^X (write XOR execute) memory protections and using a "stack pivot."
- W^X is a core security policy in OpenBSD: memory pages can be either writable or executable, but never both at the same time. Attackers often try to bypass this by making a writable region executable (breaking W^X) and then pivoting the stack pointer to a controlled buffer, a technique called a "stack pivot."
- OpenBSD is a highly security-focused open-source Unix-like operating system known for proactive hardening, including W^X, address space layout randomization (ASLR), and privilege separation. The misc@ mailing list is its primary public technical forum.
- This message is part of an ongoing design debate: can a determined attacker reliably chain a W^X break with a stack pivot inside the existing OpenBSD mitigation model, or are those protections considered orthogonal (independent and non-overridable)?
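
The two conditions described above can be checked from a process's memory map. The following is an added example, not code from the mailing list thread or from OpenBSD: it flags mappings that are writable and executable at once, and tests whether a stack pointer value still lies in the stack mapping. The Linux-style mapping lines, the addresses and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample mappings in Linux /proc/<pid>/maps layout (assumed format). */
static const char *SAMPLE_MAPS[] = {
    "000055d0a1000000-000055d0a1004000 r-xp 00000000 00:00 0 /bin/demo",
    "000055d0a1204000-000055d0a1205000 rw-p 00004000 00:00 0 /bin/demo",
    "00007f10c0000000-00007f10c0021000 rwxp 00000000 00:00 0",
    "00007ffd5e000000-00007ffd5e021000 rw-p 00000000 00:00 0 [stack]",
};
#define N_MAPS (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])
struct region { uint64_t start, end; char perms[5]; int is_stack; };

/* Parse one mapping line; returns 0 on success, -1 on malformed input. */
int parse_region(const char *line, struct region *r)
{
    unsigned long long s, e;
    if (sscanf(line, "%llx-%llx %4s", &s, &e, r->perms) != 3) return -1;
    if (s >= e || strlen(r->perms) != 4) return -1;
    r->start = s; r->end = e;
    r->is_stack = strstr(line, "[stack]") != NULL;
    return 0;
}

/* Count mappings that are writable and executable at once (W^X violations). */
int count_wx_violations(const char **maps, size_t n)
{
    struct region r;
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (parse_region(maps[i], &r) == 0 && r.perms[1] == 'w' && r.perms[2] == 'x')
            bad++;
    return bad;
}

/* 1 if sp is inside the stack mapping (sp == end means empty stack), else 0. */
int sp_in_stack(const char **maps, size_t n, uint64_t sp)
{
    struct region r;
    for (size_t i = 0; i < n; i++)
        if (parse_region(maps[i], &r) == 0 && r.is_stack && sp >= r.start && sp <= r.end)
            return 1;
    return 0;
}

int main(void)
{
    printf("W^X violations: %d, sp in stack: %d\n", count_wx_violations(SAMPLE_MAPS, N_MAPS),
           sp_in_stack(SAMPLE_MAPS, N_MAPS, 0x00007ffd5e010000ULL));
    return 0;
}
```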