diff -Naur uClibc-20050202.orig/extra/Configs/Config.in uClibc-20050202/extra/Configs/Config.in
--- uClibc-20050202.orig/extra/Configs/Config.in 2005-02-06 11:37:22.839917136 +0000
+++ uClibc-20050202/extra/Configs/Config.in 2005-02-08 18:03:18.327178760 +0000
@@ -1110,24 +1110,39 @@ functions must be written as position independent code (PIC). config UCLIBC_HAS_SSP - bool "Support for propolice stack protection" + bool "Support for propolice smashing stack protector" depends on UCLIBC_SECURITY default n help - Adds propolice protection to libc (__guard and __stack_smash_handler). - More about it on . - To be able to use it, you'll also need a propolice patched gcc, - supporting the -fstack-protector[-all] options. It is a specially patched - gcc version, where __guard and __stack_smash_handler are removed from libgcc. + Add propolice smashing stack protector to the library. + This requires a patched version of GCC, supporting the + -fstack-protector[-all] options, with the __guard and + __stack_smash_handler functions removed from libgcc. These functions + are added to libc instead. + More information at: + http://www.research.ibm.com/trl/projects/security/ssp/ Most people will answer N. config SSP_QUICK_CANARY - bool "Simple propolice canary w/o accessing /dev/*random" + bool "Use simple guard values without accessing /dev/urandom" depends on UCLIBC_HAS_SSP default n help - Propolice uses a simplified version of the canary, without accessing - /dev/*random. + Use gettimeofday(2) to define the __guard without accessing + /dev/urandom. + WARNING: This makes smashing stack protector vulnerable to timing + attacks. + Most people will answer N. + +config SSP_USE_ERANDOM + bool "Use erandom for setting guard value if /dev/urandom fails" + depends on UCLIBC_HAS_SSP && !SSP_QUICK_CANARY + default n + help + Use erandom to define the __guard if /dev/urandom fails (chroot). + This requires a modified kernel. + More information at: + http://frandom.sourceforge.net/. Most people will answer N. choice 
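Review bot: The new SSP_QUICK_CANARY help text describes the gettimeofday-based guard as "vulnerable to timing attacks", but the weakness the option introduces is that the guard is derived from the current second and microsecond, so it carries very little entropy and can be guessed from the process start time; that is a predictability problem, not a timing side channel. Suggested wording for the warning line: `WARNING: the guard is then derived from the current time, which has very little entropy and can be guessed; use this only where /dev/urandom is unavailable.` The rest of the hunk (option names, dependencies, URLs) reads consistently with the ssp.c changes elsewhere in this patch.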
@@ -1160,7 +1175,6 @@
 config UCLIBC_BUILD_SSP
 bool "Build uClibc with propolice protection"
- depends on UCLIBC_SECURITY
 depends on UCLIBC_HAS_SSP
 default n
 help
diff -Naur uClibc-20050202.orig/libc/sysdeps/linux/common/ssp.c uClibc-20050202/libc/sysdeps/linux/common/ssp.c
--- uClibc-20050202.orig/libc/sysdeps/linux/common/ssp.c 2005-02-06 11:37:23.639994384 +0000
+++ uClibc-20050202/libc/sysdeps/linux/common/ssp.c 2005-02-08 18:16:02.414354344 +0000
@@ -29,7 +29,7 @@
 #include
 #include
 #include
-#ifdef HAVE_DEV_ERANDOM
+#ifdef __SSP_USE_ERANDOM__
 #include
 #endif
@@ -47,53 +47,40 @@ { size_t size; struct timeval tv; - -#ifdef HAVE_DEV_ERANDOM - int mib[3]; -#endif + int fd=0; if (__guard != 0UL) return; + __guard = 0xFF0A0D00UL; + #ifndef __SSP_QUICK_CANARY__ -#ifdef HAVE_DEV_ERANDOM - /* Random is another depth in Linux, hence an array of 3. */ - mib[0] = CTL_KERN; - mib[1] = KERN_RANDOM; - mib[2] = RANDOM_ERANDOM; - - size = sizeof(unsigned long); - if (__sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1)) - if (__guard != 0UL) + fd = __libc_open("/dev/urandom", O_RDONLY); + if (fd != (-1)) { + size = __libc_read(fd, (char *) &__guard, sizeof(__guard)); + __libc_close(fd); + if (size == sizeof(__guard)) return; -#endif - /* - * Attempt to open kernel pseudo random device if one exists before - * opening urandom to avoid system entropy depletion. - */ - { - int fd; + } -#ifdef HAVE_DEV_ERANDOM - if ((fd = open("/dev/erandom", O_RDONLY)) == (-1)) -#endif - fd = open("/dev/urandom", O_RDONLY); - if (fd != (-1)) { - size = read(fd, (char *) &__guard, sizeof(__guard)); - close(fd); - if (size == sizeof(__guard)) - return; +#ifdef __SSP_USE_ERANDOM__ + else { + int i=0, mib[3]; + mib[0] = CTL_KERN; + mib[1] = KERN_RANDOM; + mib[2] = RANDOM_ERANDOM; + for (i = 0; i < sizeof(__guard) / 4; i++) { + size = sizeof(unsigned long); + if (__sysctl(mib, 3, &__guard, &size, NULL, 0) == -1) + break; } } #endif - /* If sysctl was unsuccessful, use the "terminator canary". */ - __guard = 0xFF0A0D00UL; - - /* Everything failed? Or we are using a weakened model of the - * terminator canary */ - +#endif /* Quick Canary */ + if (__guard == 0xFF0A0D00UL) { gettimeofday(&tv, NULL); __guard ^= tv.tv_usec ^ tv.tv_sec; + } } void __stack_smash_handler(char func[], int damaged) 
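Review bot: A short read from /dev/urandom leaves __guard only partly overwritten, and the new final test `if (__guard == 0xFF0A0D00UL)` then skips the gettimeofday fallback, so the process runs with a guard that is partly the fixed terminator bytes and partly random; the same happens when the erandom loop leaves via `break` after a failed sysctl. Restoring the terminator before leaving each failed path keeps the fallback reachable: after `if (size == sizeof(__guard)) return;` add `__guard = 0xFF0A0D00UL;`, and place the same assignment before the `break` in the sysctl loop. The sysctl loop also passes `&__guard` with `size = sizeof(unsigned long)` on every iteration, so it appears to rewrite the same bytes rather than fill successive 4-byte chunks — worth confirming against what RANDOM_ERANDOM returns per call — and `i` is an int compared against the size_t expression `sizeof(__guard) / 4`. The old comment explaining that 0xFF0A0D00UL is the "terminator canary" was dropped; `/* Terminator canary: fallback value if no random source is usable */` on the new assignment would keep that rationale. __guard_setup's signature sits above this hunk.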
@@ -106,13 +93,13 @@
 sigfillset(&mask);
 sigdelset(&mask, SSP_SIGTYPE); /* Block all signal handlers */
- sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
+ sigprocmask(SIG_BLOCK, &mask, NULL); /* except SSP_SIGTYPE */
- /* print error message to stderr and syslog */
+ /* Print error message to stderr and syslog */
 fprintf(stderr, "%s%s%s()\n", __progname, message, func);
 syslog(LOG_INFO, "%s%s%s()", __progname, message, func);
- /* Make sure the default handler is associated with the our signal handler */
+ /* Make the default handler associated with the signal handler */
 memset(&sa, 0, sizeof(struct sigaction));
 sigfillset(&sa.sa_mask); /* Block all signals */
 sa.sa_flags = 0;
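Review bot: The rewritten comment `/* Make the default handler associated with the signal handler */` still does not say what the lines below it do; the zeroed sigaction looks like it installs the default action for SSP_SIGTYPE (sa_handler is left at 0 by the memset), so `/* Reset SSP_SIGTYPE to its default action so raising it terminates the process */` would state the intent — confirm that SIG_DFL is 0 on every supported target before relying on that reading. Separately, the unchanged syslog call records a detected stack smash at LOG_INFO, which many syslog configurations discard or never alert on; an event that means memory corruption was detected is usually logged at LOG_CRIT or LOG_ALERT. __stack_smash_handler starts before and ends after this hunk.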