diff -urN linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff
--- linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff Sat May 25 19:44:23 2002
+++ linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff Sat Aug 24 11:53:04 2002
@@ -193,18 +193,6 @@
 #
 # Kernel hacking
-diff -urPX nopatch linux-2.2.21/arch/alpha/kernel/entry.S linux/arch/alpha/kernel/entry.S
---- linux-2.2.21/arch/alpha/kernel/entry.S Fri Nov 2 19:39:05 2001
-+++ linux/arch/alpha/kernel/entry.S Sat May 25 20:26:03 2002
-@@ -556,7 +556,7 @@
- lda $5,sys_call_table
- lda $27,sys_ni_syscall
- cmpult $0,$4,$4
-- ldq $3,TASK_FLAGS($8)
-+ ldq $3,TASK_PTRACE($8)
- stq $17,SP_OFF+32($30)
- s8addq $0,$5,$5
- and $3,PT_PTRACED,$3
 diff -urPX nopatch linux-2.2.21/arch/arm/config.in linux/arch/arm/config.in
 --- linux-2.2.21/arch/arm/config.in Sun Mar 25 20:31:54 2001
 +++ linux/arch/arm/config.in Sat May 25 20:26:03 2002
@@ -964,29 +952,6 @@
 #
 # Watchdog
-diff -urPX nopatch linux-2.2.21/drivers/net/zlib.c linux/drivers/net/zlib.c
---- linux-2.2.21/drivers/net/zlib.c Tue May 21 03:32:35 2002
-+++ linux/drivers/net/zlib.c Sat May 25 20:33:16 2002
-@@ -3938,7 +3938,6 @@
- r = t;
- LEAVE
- }
-- ZFREE(z, s->sub.trees.blens);
- Tracev((stderr, "inflate: trees ok, %d * %d bytes used\n",
- inflate_hufts, sizeof(inflate_huft)));
- if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
-diff -urPX nopatch linux-2.2.21/drivers/scsi/st.c linux/drivers/scsi/st.c
---- linux-2.2.21/drivers/scsi/st.c Fri Nov 2 19:39:08 2001
-+++ linux/drivers/scsi/st.c Sat May 25 20:26:27 2002
-@@ -1463,7 +1463,7 @@
- if (transfer < 0) {
- if (STps->drv_block >= 0)
- STps->drv_block += 1;
-- return (-ENOMEM);
-+ return (-EIO);
- }
- (STp->buffer)->buffer_bytes = bytes - transfer;
- }
 diff -urPX nopatch linux-2.2.21/fs/binfmt_aout.c linux/fs/binfmt_aout.c
 --- linux-2.2.21/fs/binfmt_aout.c Fri Nov 2 19:39:08 2001
 +++ linux/fs/binfmt_aout.c Sat May 25 20:26:27 2002
@@ -1430,59 +1395,6 @@
 current->dumpable = was_dumpable;
-diff -urPX nopatch linux-2.2.21/fs/ext2/file.c linux/fs/ext2/file.c
---- linux-2.2.21/fs/ext2/file.c Sun Mar 25 20:30:58 2001
-+++ linux/fs/ext2/file.c Sat May 25 20:26:27 2002
-@@ -164,15 +164,15 @@
- int err;
- int i,buffercount,write_error, new_buffer;
- unsigned long limit;
--
-+
- /* POSIX: mtime/ctime may not change for 0 count */
- if (!count)
- return 0;
- /* This makes the bounds-checking arithmetic later on much more
- * sane. */
-- if (((signed) count) < 0)
-+ if (((ssize_t) count) < 0)
- return -EINVAL;
--
-+
- write_error = buffercount = 0;
- if (!inode) {
- printk("ext2_file_write: inode = NULL\n");
-@@ -206,15 +206,15 @@
- /* If the fd's pos is already greater than or equal to the file
- * descriptor's offset maximum, then we need to return EFBIG for
- * any non-zero count (and we already tested for zero above). */
-- if (((unsigned) pos) >= 0x7FFFFFFFUL)
-+ if (((unsigned long) pos) >= 0x7FFFFFFFUL)
- return -EFBIG;
-
- /* If we are about to overflow the maximum file size, we also
- * need to return the error, but only if no bytes can be written
- * successfully. */
-- if (((unsigned) pos + count) > 0x7FFFFFFFUL) {
-+ if (((unsigned long) pos + count) > 0x7FFFFFFFUL) {
- count = 0x7FFFFFFFL - pos;
-- if (((signed) count) < 0)
-+ if (((ssize_t) count) < 0)
- return -EFBIG;
- }
- #else
-@@ -246,9 +246,9 @@
-
- limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
- if (limit < RLIM_INFINITY) {
-- if (((unsigned) pos+count) >= limit) {
-+ if (((unsigned long) pos + count) >= limit) {
- count = limit - pos;
-- if (((signed) count) <= 0) {
-+ if (((ssize_t) count) <= 0) {
- send_sig(SIGXFSZ, current, 0);
- return -EFBIG;
- }
 diff -urPX nopatch linux-2.2.21/fs/namei.c linux/fs/namei.c
 --- linux-2.2.21/fs/namei.c Fri Nov 2 19:39:08 2001
 +++ linux/fs/namei.c Sat May 25 20:26:27 2002
@@ -1717,25 +1629,6 @@
 }
 if (ino & PROC_PID_FD_DIR) {
 struct file * file;
-diff -urPX nopatch linux-2.2.21/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c
---- linux-2.2.21/fs/proc/proc_tty.c Sun Mar 25 20:30:58 2001
-+++ linux/fs/proc/proc_tty.c Sat May 25 20:26:27 2002
-@@ -178,7 +178,14 @@
- if (!ent)
- return;
- proc_tty_ldisc = create_proc_entry("tty/ldisc", S_IFDIR, 0);
-- proc_tty_driver = create_proc_entry("tty/driver", S_IFDIR, 0);
-+ /*
-+ * /proc/tty/driver/serial reveals the exact character counts for
-+ * serial links which is just too easy to abuse for inferring
-+ * password lengths and inter-keystroke timings during password
-+ * entry.
-+ */
-+ proc_tty_driver = create_proc_entry("tty/driver",
-+ S_IFDIR | S_IRUSR | S_IXUSR, 0);
-
- ent = create_proc_entry("tty/ldiscs", 0, 0);
- ent->read_proc = tty_ldiscs_read_proc;
 diff -urPX nopatch linux-2.2.21/fs/proc/root.c linux/fs/proc/root.c
 --- linux-2.2.21/fs/proc/root.c Tue May 21 03:32:35 2002
 +++ linux/fs/proc/root.c Sat May 25 20:26:27 2002
@@ -1954,17 +1847,6 @@
 /*
 * Ptrace flags
-diff -urPX nopatch linux-2.2.21/include/linux/stat.h linux/include/linux/stat.h
---- linux-2.2.21/include/linux/stat.h Sun Mar 25 20:31:03 2001
-+++ linux/include/linux/stat.h Sat May 25 20:26:53 2002
-@@ -52,6 +52,7 @@
- #define S_IRUGO (S_IRUSR|S_IRGRP|S_IROTH)
- #define S_IWUGO (S_IWUSR|S_IWGRP|S_IWOTH)
- #define S_IXUGO (S_IXUSR|S_IXGRP|S_IXOTH)
-+#define S_IRXUG (S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP)
- #endif
-
- #endif
 diff -urPX nopatch linux-2.2.21/ipc/shm.c linux/ipc/shm.c
 --- linux-2.2.21/ipc/shm.c Sun Mar 25 20:37:40 2001
 +++ linux/ipc/shm.c Sat May 25 20:26:53 2002
@@ -2094,120 +1976,6 @@
 return do_syslog(type, buf, len);
 }
-@@ -260,7 +266,7 @@
-
- spin_lock_irqsave(&console_lock, flags);
- va_start(args, fmt);
-- i = vsprintf(buf + 3, fmt, args); /* hopefully i < sizeof(buf)-4 */
-+ i = _vsnprintf(buf + 3, sizeof(buf) - sizeof(buf) / 8 - 3, fmt, args);
- buf_end = buf + 3 + i;
- va_end(args);
- for (p = buf + 3; p < buf_end; p++) {
-diff -urPX nopatch linux-2.2.21/kernel/sys.c linux/kernel/sys.c
---- linux-2.2.21/kernel/sys.c Sun Mar 25 20:37:40 2001
-+++ linux/kernel/sys.c Sat May 25 21:27:04 2002
-@@ -507,8 +507,8 @@
- if (euid != current->euid)
- current->dumpable = 0;
- current->euid = euid;
-- current->fsuid = euid;
- }
-+ current->fsuid = current->euid;
- if (suid != (uid_t) -1)
- current->suid = suid;
-
-@@ -554,8 +554,8 @@
- if (egid != current->egid)
- current->dumpable = 0;
- current->egid = egid;
-- current->fsgid = egid;
- }
-+ current->fsgid = current->egid;
- if (sgid != (gid_t) -1)
- current->sgid = sgid;
- return 0;
-diff -urPX nopatch linux-2.2.21/kernel/sysctl.c linux/kernel/sysctl.c
---- linux-2.2.21/kernel/sysctl.c Sun Mar 25 20:37:40 2001
-+++ linux/kernel/sysctl.c Sat May 25 20:26:53 2002
-@@ -338,8 +338,11 @@
- size_t old_len;
- if (!oldlenp)
- return -EFAULT;
-- if(get_user(old_len, oldlenp))
-+ if (get_user(old_len, oldlenp))
- return -EFAULT;
-+ /* XXX: insufficient for SMP, but should be redundant anyway */
-+ if ((ssize_t)old_len < 0)
-+ return -EINVAL;
- }
- tmp = &root_table_header;
- do {
-@@ -459,7 +462,8 @@
- * zero, proceed with automatic r/w */
- if (table->data && table->maxlen) {
- if (oldval && oldlenp) {
-- get_user(len, oldlenp);
-+ if (get_user(len, oldlenp))
-+ return -EFAULT;
- if (len) {
- if (len > table->maxlen)
- len = table->maxlen;
-@@ -1047,7 +1051,8 @@
-
- for (i = 0; i < length; i++) {
- int value;
-- get_user(value, vec + i);
-+ if (get_user(value, vec + i))
-+ return -EFAULT;
- if (min && value < min[i])
- return -EINVAL;
- if (max && value > max[i])
-diff -urPX nopatch linux-2.2.21/lib/vsprintf.c linux/lib/vsprintf.c
---- linux-2.2.21/lib/vsprintf.c Sun Mar 25 20:31:02 2001
-+++ linux/lib/vsprintf.c Sat May 25 20:26:53 2002
-@@ -142,7 +142,7 @@
- /* Forward decl. needed for IP address printing stuff... */
- int sprintf(char * buf, const char *fmt, ...);
-
--int vsprintf(char *buf, const char *fmt, va_list args)
-+int _vsnprintf(char *buf, int n, const char *fmt, va_list args)
- {
- int len;
- unsigned long num;
-@@ -157,7 +157,7 @@
- number of chars for from string */
- int qualifier; /* 'h', 'l', or 'L' for integer fields */
-
-- for (str=buf ; *fmt ; ++fmt) {
-+ for (str = buf; *fmt && (n == -1 || str - buf < n); ++fmt) {
- if (*fmt != '%') {
- *str++ = *fmt;
- continue;
-@@ -231,6 +231,12 @@
-
- len = strnlen(s, precision);
-
-+ if (n != -1 && len >= n - (str - buf)) {
-+ len = n - 1 - (str - buf);
-+ if (len <= 0) break;
-+ if (len < field_width) field_width = len;
-+ }
-+
- if (!(flags & LEFT))
- while (len < field_width--)
- *str++ = ' ';
-@@ -304,6 +310,11 @@
- }
- *str = '\0';
- return str-buf;
-+}
-+
-+int vsprintf(char *buf, const char *fmt, va_list args)
-+{
-+ return _vsnprintf(buf, -1, fmt, args);
- }
-
- int sprintf(char * buf, const char *fmt, ...)
 diff -urPX nopatch linux-2.2.21/mm/mmap.c linux/mm/mmap.c
 --- linux-2.2.21/mm/mmap.c Sun Mar 25 20:31:02 2001
 +++ linux/mm/mmap.c Sat May 25 20:26:53 2002