In case we can persuade you, the attached patch will be needed - it protects create_floppy_devices against an incorrect array bound check and against possible buffer overflow resulting from the sysadmin specifying too long a pathname for /dev.
This could be done better with perl as for write_cd_rules, if only Mknod.pm were a standard shipped module ... Nick
--- create_floppy_devices.c.orig 2006-05-29 10:18:16.000000000 +0100 +++ create_floppy_devices.c 2006-06-30 12:10:04.000000000 +0100 @@ -102,7 +102,7 @@ return 1; } - if (type < 0 || type > (int) sizeof(table)) { + if (type < 0 || type >= (int) (sizeof(table_sup) / sizeof(table_sup[0])) ) { fprintf(stderr,"Invalid CMOS type %d\n", type); return 1; } @@ -112,7 +112,11 @@ i = 0; while (table_sup[type][i]) { - sprintf(node, "%s%s",dev, table[table_sup[type][i]]); + if (snprintf(node, sizeof(node), "%s%s",dev, table[table_sup[type][i]]) >= sizeof(node)) { + fprintf(stderr,"Generated device name longer than %d\n", sizeof(node)); + return 1; + + }; minor = (table_sup[type][i] << 2) + fdnum; if (print_nodes) printf("%s b %d %d %d\n", node, mode, major, minor);