diff -Nrup mkinitrd-3.5.7.orig/grubby/mount_by_label.c mkinitrd-3.5.7/grubby/mount_by_label.c
--- mkinitrd-3.5.7.orig/grubby/mount_by_label.c	2002-12-16 22:05:01.000000000 +0000
+++ mkinitrd-3.5.7/grubby/mount_by_label.c	2004-08-07 09:14:40.000000000 +0000
@@ -29,6 +29,15 @@
 
 #define _(str) (str)
 
+#ifndef gnu_dev_makedev
+unsigned long long int gnu_dev_makedev (unsigned int __major, unsigned int __minor)
+{
+  return ((__minor & 0xff) | ((__major & 0xfff) << 8)
+          | (((unsigned long long int) (__minor & ~0xff)) << 12)
+          | (((unsigned long long int) (__major & ~0xfff)) << 32));
+}
+#endif
+
 static struct uuidCache_s {
 	struct uuidCache_s *next;
 	char uuid[16];
diff -Nrup mkinitrd-3.5.7.orig/nash/Makefile mkinitrd-3.5.7/nash/Makefile
--- mkinitrd-3.5.7.orig/nash/Makefile	2003-06-11 16:55:31.000000000 +0000
+++ mkinitrd-3.5.7/nash/Makefile	2004-08-07 09:19:13.000000000 +0000
@@ -1,23 +1,25 @@
 CFLAGS=-Wall -DVERSION=\"$(VERSION)\" -g
 VERSION=$(shell awk -F= '/^VERSION=/ { print $$2 }' ../mkinitrd)
+OBJS = nash.o mount_by_label.o
 
 ARCH := $(patsubst i%86,i386,$(shell uname -m))
 ARCH := $(patsubst sparc%,sparc,$(ARCH))
 
 ifeq (i386, $(ARCH))
 CC:=diet $(CC)
-CFLAGS += -DUSE_DIET=1
+CFLAGS += -fno-stack-protector
+OBJS +=
 else
 STATIC=-static
 endif
 
 mandir=usr/share/man
 
-nash: nash.o mount_by_label.o
-	$(CC) $(STATIC) -g $(LDFLAGS) -o $@ nash.o mount_by_label.o
+nash: $(OBJS)
+	$(CC) $(STATIC) -static -fno-stack-protector $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
 
 clean:
-	rm -f nash $(MINILIBC) nash.o mount_by_label.o
+	rm -f nash $(MINILIBC) $(OBJS)
 
 install:
 	mkdir -p $(BUILDROOT)/sbin
diff -Nrup mkinitrd-3.5.7.orig/nash/mount_by_label.c mkinitrd-3.5.7/nash/mount_by_label.c
--- mkinitrd-3.5.7.orig/nash/mount_by_label.c	2002-12-16 22:05:01.000000000 +0000
+++ mkinitrd-3.5.7/nash/mount_by_label.c	2004-08-07 09:14:40.000000000 +0000
@@ -172,7 +172,7 @@ uuidcache_init(void) {
 			int mustRemoveDir = 0;
 			int i;
 
-			sprintf(device, "%s/%s", DEVLABELDIR, ptname);
+			snprintf(device, sizeof(device), "%s/%s", DEVLABELDIR, ptname);
 			if (access(device, F_OK)) {
 			    ptr = device;
 			    i = 0;
diff -Nrup mkinitrd-3.5.7.orig/nash/nash.c mkinitrd-3.5.7/nash/nash.c
--- mkinitrd-3.5.7.orig/nash/nash.c	2003-06-20 19:18:02.000000000 +0000
+++ mkinitrd-3.5.7/nash/nash.c	2004-08-07 09:19:55.000000000 +0000
@@ -72,7 +72,7 @@
 #define MS_REMOUNT      32
 #endif
 
-#ifdef USE_DIET
+#if (defined(__dietlibc__) && !defined(__PIC__))
 static inline _syscall2(int,pivot_root,const char *,one,const char *,two)
 #endif
 
@@ -517,7 +517,7 @@ int raidautorunCommand(char * cmd, char 
 }
 
 static int my_pivot_root(char * one, char * two) {
-#ifdef USE_DIET
+#ifdef __dietlibc__
     return pivot_root(one, two);
 #else
     return syscall(__NR_pivot_root, one, two);
@@ -914,7 +914,7 @@ int findlodevCommand(char * cmd, char * 
 	strcpy(separator, "/");
 
     for (devNum = 0; devNum < 256; devNum++) {
-	sprintf(devName, "/dev/loop%s%d", separator, devNum);
+	snprintf(devName, sizeof(devName), "/dev/loop%s%d", separator, devNum);
 	if ((fd = open(devName, O_RDONLY)) < 0) return 0;
 
 	if (ioctl(fd, LOOP_GET_STATUS, &loopInfo)) {
@@ -1045,7 +1045,7 @@ int mkdevicesCommand(char * cmd, char * 
 			char * ptr, * deviceDir;
 			int i;
 
-			sprintf(devName, "%s/%s", prefix, start);
+			snprintf(devName, sizeof(devName), "%s/%s", prefix, start);
 			unlink(devName);
 
 			ptr = devName;
diff -Nrup mkinitrd-3.5.7.orig/nash/ssp.c mkinitrd-3.5.7/nash/ssp.c
--- mkinitrd-3.5.7.orig/nash/ssp.c	1970-01-01 00:00:00.000000000 +0000
+++ mkinitrd-3.5.7/nash/ssp.c	2004-08-07 09:14:40.000000000 +0000
@@ -0,0 +1,168 @@
+/*
+ * Distributed under the terms of the GNU General Public License v2
+ * $Header: /var/cvsroot/gentoo-x86/sys-apps/mkinitrd/files/mkinitrd-3.5.7-dietssp.patch,v 1.1 2004/10/10 22:44:47 solar Exp $
+ *
+ * This is a modified version of Hiroaki Etoh's stack smashing routines
+ * implemented for glibc.
+ *
+ * The following people have contributed input to this code.
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory@visi.name>
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/syslog.h>
+#include <sys/time.h>
+#include <sys/sysctl.h>
+
+#ifndef _PATH_LOG
+#define _PATH_LOG "/dev/log"
+#endif
+
+#ifdef __PROPOLICE_BLOCK_SEGV__
+#define SSP_SIGTYPE SIGSEGV
+#elif __PROPOLICE_BLOCK_KILL__
+#define SSP_SIGTYPE SIGKILL
+#else
+#define SSP_SIGTYPE SIGABRT
+#endif
+
+unsigned long __guard = 0UL;
+
+void
+__guard_setup (void)
+{
+  size_t size;
+#ifdef HAVE_DEV_ERANDOM
+  int mib[3];
+#endif
+
+  if (__guard != 0UL)
+    return;
+
+#ifndef __SSP_QUICK_CANARY__
+#ifdef HAVE_DEV_ERANDOM
+  /* Random is another depth in Linux, hence an array of 3. */
+  mib[0] = CTL_KERN;
+  mib[1] = KERN_RANDOM;
+  mib[2] = RANDOM_ERANDOM;
+
+  size = sizeof (unsigned long);
+  if (__sysctl (mib, 3, &__guard, &size, NULL, 0) != (-1))
+    if (__guard != 0UL)
+      return;
+#endif
+  /* 
+   * Attempt to open kernel pseudo random device if one exists before 
+   * opening urandom to avoid system entropy depletion.
+   */
+  {
+    int fd;
+#ifdef HAVE_DEV_ERANDOM
+    if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1))
+#endif
+      fd = open ("/dev/urandom", O_RDONLY);
+    if (fd != (-1))
+      {
+	size = read (fd, (char *) &__guard, sizeof (__guard));
+	close (fd);
+	if (size == sizeof (__guard))
+	  return;
+      }
+  }
+#endif
+
+  /* If sysctl was unsuccessful, use the "terminator canary". */
+  __guard = 0xFF0A0D00UL;
+
+  {
+    /* Everything failed? Or we are using a weakened model of the 
+     * terminator canary */
+    struct timeval tv;
+
+    gettimeofday (&tv, NULL);
+    __guard ^= tv.tv_usec ^ tv.tv_sec;
+  }
+}
+
+void
+__stack_smash_handler (char func[], int damaged)
+{
+#ifndef __dietlibc__
+  struct sockaddr_un sock;	/* AF_UNIX address of local logger */
+#endif
+  struct sigaction sa;
+  const char message[] = ": stack smashing attack in function ";
+  char buf[512];
+  int bufsz, len;
+#if !defined(__dietlibc__)
+  int log;
+  extern char *__progname;
+#else
+  static char *__progname = "dietapp";
+#endif
+
+  sigset_t mask;
+  sigfillset (&mask);
+
+  sigdelset (&mask, SSP_SIGTYPE);	/* Block all signal handlers */
+  sigprocmask (SIG_BLOCK, &mask, NULL);	/* except SIGABRT */
+
+  bufsz = sizeof (buf);
+  strcpy (buf, "<2>");
+  len = 3;
+
+  strncat (buf, __progname, sizeof (buf) - 4);
+  len = strlen (buf);
+
+  if (bufsz > len)
+    {
+      strncat (buf, message, bufsz - len - 1);
+      len = strlen (buf);
+    }
+  if (bufsz > len)
+    {
+      strncat (buf, func, bufsz - len - 1);
+      len = strlen (buf);
+    }
+
+  /* print error message */
+  write (STDERR_FILENO, buf + 3, len - 3);
+  write (STDERR_FILENO, "()\n", 3);
+#ifndef __dietlibc__
+  if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1)
+    {
+      /* Send "found" message to the "/dev/log" path */
+      sock.sun_family = AF_UNIX;
+      (void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1);
+      sock.sun_path[sizeof (sock.sun_path) - 1] = '\0';
+      sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock));
+    }
+#endif
+  /* Make sure the default handler is associated with the our signal handler */
+
+  memset (&sa, 0, sizeof (struct sigaction));
+  sigfillset (&sa.sa_mask);	/* Block all signals */
+  sa.sa_flags = 0;
+  sa.sa_handler = SIG_DFL;
+  sigaction (SSP_SIGTYPE, &sa, NULL);
+  // (void) kill (getpid (), SSP_SIGTYPE);
+  // _exit (127);
+}