> On the face of it that sounds pretty sensible (from a security perspective).
> Why doesn't Linux do it?
PaX has had such a feature for some time, but its performance impact isn't negligible. I have only numbers for an early naive implementation (pages were zeroed twice effectively): the kernel time of kernel compilation went up by some 40%, IIRC, so even assuming the current implementation it's probably not better than 20%. Now this is kernel time only; if your workload is mostly userland then you will care a lot less, otherwise you'll have to find out where on the user/kernel scale you fall and decide accordingly if it's worth it.
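To make the "zeroed twice" remark concrete, here is an added toy model (not PaX code and not anything from the poster): a fixed pool of pages with three policies, no sanitization, naive sanitize-on-free, and sanitize-on-free that remembers a page is already clean so the allocator can skip the second wipe. It counts whole-page memsets rather than measuring time, which is enough to show why the naive variant roughly doubles the zeroing work while the tracked variant gives the same confidentiality benefit (stale data never survives a free) at almost the same count as doing nothing. Page size, pool size and policy names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096   /* assumed page size for the toy pool */
#define NPAGES    16     /* assumed pool size */

struct page {
    unsigned char data[PAGE_SIZE];
    int zeroed;   /* "known clean" flag, only consulted by POLICY_TRACKED */
    int in_use;
};

enum policy {
    POLICY_NONE,     /* zero only when handing a page to a caller */
    POLICY_NAIVE,    /* also zero on free, then zero again on alloc */
    POLICY_TRACKED   /* zero on free, skip the alloc-time zero if still clean */
};

struct pool {
    struct page pages[NPAGES];
    enum policy pol;
    unsigned long zero_ops;   /* number of full-page memsets performed */
};

static void pool_init(struct pool *p, enum policy pol)
{
    memset(p, 0, sizeof *p);  /* at "boot" no page is trusted to be clean */
    p->pol = pol;
}

static void zero_page(struct pool *p, struct page *pg)
{
    memset(pg->data, 0, PAGE_SIZE);
    pg->zeroed = 1;
    p->zero_ops++;
}

/* Hand out a page that the caller must see as all-zero (like a fresh
 * anonymous mapping).  Returns NULL when the pool is exhausted. */
static struct page *pool_alloc_zeroed(struct pool *p)
{
    for (int i = 0; i < NPAGES; i++) {
        struct page *pg = &p->pages[i];
        if (pg->in_use)
            continue;
        pg->in_use = 1;
        /* Only the tracked policy may trust the clean flag set at free time. */
        if (!(p->pol == POLICY_TRACKED && pg->zeroed))
            zero_page(p, pg);
        pg->zeroed = 0;   /* the caller is about to write into it */
        return pg;
    }
    return NULL;
}

static void pool_free(struct pool *p, struct page *pg)
{
    pg->in_use = 0;
    if (p->pol != POLICY_NONE)
        zero_page(p, pg);  /* sanitize: stale contents do not outlive the free */
}

/* Simulate `cycles` alloc/write/free rounds and return the memset count. */
static unsigned long run_workload(enum policy pol, int cycles)
{
    struct pool *p = malloc(sizeof *p);
    pool_init(p, pol);
    for (int i = 0; i < cycles; i++) {
        struct page *pg = pool_alloc_zeroed(p);
        memset(pg->data, 0x41, 64);   /* constructed "sensitive" payload */
        pool_free(p, pg);
    }
    unsigned long ops = p->zero_ops;
    free(p);
    return ops;
}

/* Returns 1 if a freed page holds no stale bytes under `pol`, else 0. */
static int freed_page_is_clean(enum policy pol)
{
    struct pool *p = malloc(sizeof *p);
    pool_init(p, pol);
    struct page *pg = pool_alloc_zeroed(p);
    memset(pg->data, 0x41, 64);
    pool_free(p, pg);
    int clean = 1;
    for (int i = 0; i < PAGE_SIZE; i++)
        if (pg->data[i] != 0) { clean = 0; break; }
    free(p);
    return clean;
}

int main(void)
{
    printf("none:    %lu memsets, freed page clean: %d\n",
           run_workload(POLICY_NONE, 1000), freed_page_is_clean(POLICY_NONE));
    printf("naive:   %lu memsets, freed page clean: %d\n",
           run_workload(POLICY_NAIVE, 1000), freed_page_is_clean(POLICY_NAIVE));
    printf("tracked: %lu memsets, freed page clean: %d\n",
           run_workload(POLICY_TRACKED, 1000), freed_page_is_clean(POLICY_TRACKED));
    return 0;
}
```

The counts are the point: over 1000 cycles the naive policy performs 2000 page wipes against 1000 for no sanitization, while the tracked policy performs 1001, matching the poster's estimate that removing the redundant second zeroing should roughly halve the overhead. Real kernels also pay for cache effects and for doing the work on the free path instead of lazily on allocation, so the memset count is a lower bound on cost, not a timing.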