Comment 7 for bug 424597

Jeremy (0xjbrown41) wrote :

Executing code on the stack and executing shell commands are completely different, although one or the other or a combination of both can be used as forms of exploitation. Shell commands just happen to be something bwbasic parses in .bas files, something that is meant to happen, and executing code on the stack by overflowing a buffer and overwriting the return address clearly is not. I'm not saying the environment is going to be very clear and reasonable, but that a buffer overflow in parsing .bas files is a security issue that should be fixed.