Don't forget.
Source: SANS

It is one of the earlier security patches created for the Linux kernel,
and it addressed the problems created by an executable user stack area. This feature
prevents attacks where a buffer overflow overwrites return pointers, allowing an attacker
to execute arbitrary code inserted into the stack. “This patch also changes the default
address that shared libraries are mmap()’ed at to make it always contain a zero byte.
This makes it impossible to specify any more data (parameters to the function, or more
copies of the return address when filling with a pattern), — in many exploits that have to
do with ASCIIZ strings.” (7) While an excellent strategy for buffer overflow prevention,
this system only provides protection against these specific types of buffer overflows.
These features are also only available for Linux kernels running on i386 architectures.
Other (architecture independent) security enhancements provided by the x.
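
The zero-byte point in the quoted passage can be checked with a short program. This is an added example, not code from the patch or from the SANS paper: it lays out filler, a 32-bit little-endian (i386) address and trailing data, passes the result through a bounded copy with ASCIIZ semantics, and counts how much of the trailing data survives. The two addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILLER_LEN  16  /* constructed: pattern bytes placed before the address */
#define TRAILER_LEN 8   /* constructed: the "more data" placed after the address */

/* Lay out filler + 32-bit little-endian address + trailing data. */
static size_t build_input(uint32_t addr, unsigned char *out)
{
    size_t n = FILLER_LEN;
    memset(out, 'A', FILLER_LEN);
    for (int i = 0; i < 4; i++)
        out[n++] = (unsigned char)(addr >> (8 * i));
    memset(out + n, 'B', TRAILER_LEN);
    return n + TRAILER_LEN;
}

/* Bounded copy with ASCIIZ semantics: stops at the first zero byte,
 * as strcpy() would. Returns the bytes copied before the terminator. */
static size_t asciiz_copy(unsigned char *dst, size_t dst_len,
                          const unsigned char *src, size_t src_len)
{
    size_t i = 0;
    while (i < src_len && i + 1 < dst_len && src[i] != 0) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = 0;
    return i;
}

/* Number of trailing-data bytes that survive the string copy. */
size_t trailer_bytes_delivered(uint32_t addr)
{
    unsigned char in[FILLER_LEN + 4 + TRAILER_LEN];
    unsigned char out[sizeof(in) + 1];
    size_t copied = asciiz_copy(out, sizeof(out), in, build_input(addr, in));
    size_t before_trailer = FILLER_LEN + 4;
    return copied > before_trailer ? copied - before_trailer : 0;
}

int main(void)
{
    /* Both addresses are constructed sample values. */
    printf("0x40012345: %zu trailing bytes copied\n", trailer_bytes_delivered(0x40012345u));
    printf("0x00123456: %zu trailing bytes copied\n", trailer_bytes_delivered(0x00123456u));
    return 0;
}
```

With an address that has no zero byte, all eight trailing bytes pass through the copy; once the address contains a zero byte, the copy ends there and nothing after the address is delivered.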

 
