This security provision is a superset of the security provision more widely known under the name nonexecutable stack. It works by making all code in the process address space unmodifable and all data in the process address space nonexecutable. Once this provision is applied, the attacker can no longer prepare a "shellcode" somewhere in the process's address space and then "smash the stack" to force the process to jump to it.