--- ../good_linux/fs/binfmt_aout.c Sat Jul 21 23:42:25 2001
+++ ./fs/binfmt_aout.c Thu Aug 23 05:24:34 2001
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -195,8 +196,15 @@
 unsigned long * sp;
 int argc = bprm->argc;
 int envc = bprm->envc;
-
- sp = (unsigned long *) ((-(unsigned long)sizeof(char *)) & (unsigned long) p);
+ unsigned long rand;
+
+ sp = (unsigned long *)
+ ((-(unsigned long)sizeof(char *)) & (unsigned long) p );
+
+ get_random_bytes(&rand, 4);
+ rand %= MAX_ARG_PAGES*PAGE_SIZE;
+ sp = (unsigned long *)((unsigned long)sp - rand);
+
 #ifdef __sparc__
 /* This imposes the proper stack alignment for a new process. */
 sp = (unsigned long *) (((unsigned long) sp) & ~7);
@@ -411,9 +419,10 @@
 send_sig(SIGKILL, current, 0);
 return retval;
 }
-
+
 current->mm->start_stack = (unsigned long) create_aout_tables((char *) bprm->p, bprm);
+
 #ifdef __alpha__
 regs->gp = ex.a_gpvalue;
 #endif
--- ../good_linux/fs/binfmt_elf.c Sat Jul 21 23:42:25 2001
+++ ./fs/binfmt_elf.c Thu Aug 23 05:24:21 2001
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -115,7 +116,8 @@
 char *k_platform, *u_platform;
 long hwcap;
 size_t platform_len = 0;
-
+ unsigned long rand;
+
 /*
 * Get hold of platform and hardware capabilities masks for
 * the machine we are running on. In some cases (Sparc),
@@ -137,6 +139,11 @@
 * Force 16 byte _final_ alignment here for generality.
 */
 sp = (elf_addr_t *)(~15UL & (unsigned long)(u_platform));
+
+ get_random_bytes(&rand, 4);
+ rand %= MAX_ARG_PAGES*PAGE_SIZE;
+ sp = (unsigned long *)((unsigned long)sp - rand);
+
 csp = sp;
 csp -= (1+DLINFO_ITEMS)*2 + (k_platform ? 2 : 0);
 #ifdef DLINFO_ARCH_ITEMS
@@ -413,7 +420,7 @@
 struct elfhdr interp_elf_ex;
 struct exec interp_ex;
 char passed_fileno[6];
-
+
 /* Get the exec-header */
 elf_ex = *((struct elfhdr *) bprm->buf);
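Review bot: In the `@@ -195,8 +196,15 @@` hunk of fs/binfmt_aout.c, `get_random_bytes(&rand, 4)` fills only four bytes of an `unsigned long` that is declared without an initializer, so on any target where `unsigned long` is eight bytes the remaining bytes of `rand` hold leftover kernel stack contents. On a big-endian 64-bit target the four random bytes would be the high half, so the result of `rand %= MAX_ARG_PAGES*PAGE_SIZE` is driven by the uninitialized low half (entirely so if that product is a power of two) and the stack offset is no longer unpredictable. Size the request from the variable, `get_random_bytes(&rand, sizeof(rand));`, or declare `unsigned int rand;`. The same two lines are added in the `@@ -137,6 +139,11 @@` hunk of fs/binfmt_elf.c and need the same change. The enclosing function starts and ends outside the hunk.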
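Review bot: The subtraction added after `sp = (elf_addr_t *)(~15UL & (unsigned long)(u_platform));` in the `@@ -137,6 +139,11 @@` hunk of fs/binfmt_elf.c undoes the 16-byte alignment that the comment directly above says is being forced, because `rand` can be any byte count below `MAX_ARG_PAGES*PAGE_SIZE`. The a.out hunk `@@ -195,8 +196,15 @@` has the same weakness: `sp` is rounded to `sizeof(char *)` first and then moved by an unaligned amount, and only the `__sparc__` branch re-aligns it afterwards. Round the offset before using it, for example `rand &= ~15UL;` right after the modulo, so the table-building code that follows (outside both hunks) still starts from an aligned pointer. The new ELF assignment also casts to `(unsigned long *)` although `sp` appears to be an `elf_addr_t *` from the line above; `sp = (elf_addr_t *)((unsigned long)sp - rand);` keeps the types consistent.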
@@ -592,9 +599,14 @@
 /* Do this so that we can load the interpreter, if need be. We will change some of these later */
 current->mm->rss = 0;
- setup_arg_pages(bprm); /* XXX: check error */
+ retval = setup_arg_pages(bprm);
+ if (retval < 0) {
+ /* Someone check-me: is this error path enough? */
+ send_sig(SIGKILL, current, 0);
+ return retval;
+ }
+
 current->mm->start_stack = bprm->p;
-
 /* Now we do a little grungy work by mmaping the ELF image into the correct location in memory. At this point, we assume that the image should be loaded at fixed address, not at a variable
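Review bot: The new failure branch for `setup_arg_pages()` leaves through a bare `return retval;`, and its own comment (`Someone check-me: is this error path enough?`) records that the cleanup question was never settled. The hunk sits roughly 600 lines into fs/binfmt_elf.c and the function begins outside it, so anything acquired earlier in the function (buffers, file references) would presumably not be released on this path. If the function has a shared cleanup exit, jump to it after `send_sig(SIGKILL, current, 0);` instead of returning directly. The kill-then-return shape matches the context lines of the `@@ -411,9 +419,10 @@` hunk in fs/binfmt_aout.c, so the signal itself is consistent with existing code. Once the path is confirmed, replace the check-me comment with one that states why the process is killed rather than allowed to see the error.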