Subject: Re: Code-red worm (snicker snicker...)
To: Brian Hechinger <wonko@arkham.ws>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 08/02/2001 14:24:30
In message <20010802141326.H5407@wintermute.arkham.ws>, Brian Hechinger writes:
>On Thu, Aug 02, 2001 at 08:09:08PM +0200, Michael Kukat wrote:
>> 
>> 
>> But don't think you are safe, because your Alpha can't execute the i386-code
>> of the script kiddies. Interpreter scripts (like usual shell scripts) just run,
>> if the buffer overflow allows execution of code. So just start with "#!/bin/sh"
>> and it will run on every platform, can modify /etc/inetd.conf, HUP it, and
>> voila, your shell on some port is open...
>
>you run your web server as root?  then you get what you deserve. :)
>

It's worth noting that the effects of the current Code Red worm would 
be identical if it were running as "www".  It spread, which requires 
network access; it defaced the site, which requires "www" access; and 
it tried to flood www.whitehouse.gov, which again requires network 
access.

		--Steve Bellovin, http://www.research.att.com/~smb