mingetty.c:111 calls syslog (LOG_ERR, buf); This should be syslog(LOG_ERR, "%s", buf); To the best of my knowledge this can't be abused, but why not change it anyway. -Jarno PS. Also a few lines earlier there's a call to vsprintf instead of vsnprintf
fixed in mingetty-0.9.4-16