HP3000-L Archives

January 1997, Week 4

HP3000-L@RAVEN.UTC.EDU

Date: Sat, 25 Jan 1997 14:28:00 +0100
Subject: Re: (23 lines)
Michael mentioned the Unix "feature" of "executing data as code".

This one caused a security hole in the old NCSA httpd 1.3 (or
something similar) where a "too large" URL that was very cleverly
designed could overflow a buffer, overwrite adjacent stack areas
and make the server execute part of that "giant URL" as code.

Not pretty fancy. Especially if you carelessly run httpd as root!

Notice that this "feature" does not work on MPE/iX because MPE
distinguishes between code and data pages (by using PA-RISC
features that Unix seems to ignore). The "giant URL" was able to
corrupt the httpd stack, but MPE/iX refused to execute the code,
as the stack consists of memory pages enabled for data access
only.

The result of this attack on MPE/iX was that the respective httpd
server child failed with an "Instruction Memory Protection Trap".

My $0.02 on this.

Lars (MPE/iX is not just another UNIX)
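The post describes the two sides of this bug: a request line copied into a fixed stack buffer with no length check, and a platform whose non-executable stack pages turn the corrupted return into a memory-protection trap instead of running the payload. The following C program, added here as an illustration and not taken from NCSA httpd or from the post, shows the defender's fix at the source: the unchecked copy pattern beside a bounded copy that rejects any request line which would not fit. The buffer size `URL_MAX`, the function names and the sample request lines are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed request buffer (hypothetical; the real NCSA
   httpd value is not given on the page). */
#define URL_MAX 256

/* Result of copying a request line into the fixed buffer. */
enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_INPUT = -2 };

/* The unsafe pattern: the attacker-controlled length is never compared
   with the destination size, so an over-long line runs past the buffer
   and into whatever the stack holds next to it. Shown for contrast only;
   this file never calls it with more than the buffer can hold. */
static void copy_url_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened copy: reject anything that would not fit, terminator included. */
static enum copy_status copy_url_checked(char *dst, size_t dst_size,
                                         const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_INPUT;
    if (src_len >= dst_size)          /* need one byte for the NUL */
        return COPY_TOO_LONG;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return COPY_OK;
}

/* Simulated request handler: copies the request line into a stack buffer
   the way a server might, but only through the checked path. Returns the
   copy status so a caller can see whether the line was accepted. */
enum copy_status handle_request_line(const char *line, size_t len)
{
    char buf[URL_MAX];
    enum copy_status st = copy_url_checked(buf, sizeof buf, line, len);
    if (st == COPY_OK)
        printf("accepted %zu-byte request line\n", len);
    else
        printf("rejected request line (%zu bytes, status %d)\n", len, (int)st);
    return st;
}

/* Largest request line the handler accepts: URL_MAX - 1 bytes. */
size_t max_request_line(void)
{
    return URL_MAX - 1;
}

int main(void)
{
    char small[URL_MAX];
    char huge[4 * URL_MAX];

    /* Constructed sample inputs: one ordinary line, one far too long. */
    const char *ok_line = "GET /index.html HTTP/1.0";
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';

    copy_url_unchecked(small, ok_line);   /* safe only because input is short */
    handle_request_line(ok_line, strlen(ok_line));
    handle_request_line(huge, strlen(huge));
    return 0;
}
```

The length check is the fix that works on every platform; the non-executable stack the post praises on MPE/iX is a second, independent layer that limits the damage when such a check is missing, and the "Instruction Memory Protection Trap" it produces is exactly the kind of crash a defender should treat as a signal rather than noise.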
