Non-executable stack and heap

Starting with version 2.0, NetBSD supports non-executable mappings on platforms where the hardware allows it. Process stack and heap mappings are non-executable by default. This makes exploiting potential buffer overflows harder. NetBSD supports PROT_EXEC permission via mmap() for all platforms where the hardware differentiates execute access from data access, though not necessarily with single-page granularity. When the hardware has a larger granularity, the rule is that if any page in the larger unit is executable, then the entire larger unit is executable, otherwise the entire larger unit is not executable.

No compile-time option is needed to enable this software support, it's always available.

This support is also used on some kernel configurations for PaX mprotect (also known as W^X), which forbids even a single page from being mapped both writable and executable. See paxctl(8) for more information.

Supported platforms

Here is a list of support levels based on hardware limitations. In this list "the stack" refers to the traditional UNIX process stack, not pthreads stacks.

  • aarch64, arm newer than ARMv6, amd64, sparc64, sparc (sun4m, sun4d), powerpc (ibm4xx), alpha, hppa, i386 with PAE (not the default): Full support, each page is independently executable or not.
  • powerpc (e.g., macppc): The hardware granularity is a segment (256MB) instead of a page. By default, the segment containing the stack is not executable.
  • i386 by default (no PAE): The hardware support is pretty limited, so the granularity is very coarse. The current software implementation in NetBSD is that there are only two regions of the application address space which may be independently executable or not: the stack and everything else. By default, the stack is not executable and everything else is executable
  • Everything else; arm older than ARMv6, m68k, mips, sh3, sparc(sun, sun4c), vax: No support, the hardware does not differentiate execute vs. data accesses, so anything readable to a process as data is executable by the process as code.