Enables the stack to be marked as nonexecutable, which helps make buffer-overflow attacks more difficult.
0 (disabled) or 1 (enabled)
Yes. Does not affect currently running processes, only processes created after the value is set.
Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect to make the stack executable. For more information, see mprotect (2) .