Currently trying to smash the stack under backtrack 5.

I set va_randomize_space to 0

I compile the vulnurable source with gcc and use the flags -fno-stack-protector as well as -z execstack

I'm still unable to smash due to some other stack protection. What else could I be missing?