The operating system is responsible for providing the ability to execute programs.

Linux can put the stack at a different beginning location each time the program is run.

This makes it harder to determine where your input string will be stored on the stack since it will vary each time the program is run.

So it will be difficult to provide a "return" address in the input attack string that will cause it to jump to the attack code.