--- src/command.c
+++ src/command.c
@@ -2878,7 +2878,7 @@
 unsigned char buf[256];
 va_start(arg_ptr, fmt);
- vsprintf((char *)buf, fmt, arg_ptr);
+ vsnprintf((char *)buf, sizeof(buf), fmt, arg_ptr);
 va_end(arg_ptr);
 rxvt_tt_write(r, buf, (unsigned int)STRLEN(buf));
 }
--- src/main.c
+++ src/main.c
@@ -291,10 +291,14 @@
 break;
 }
 # else
+# error Warning, no seteuid/setegid avaliable
 switch (mode) {
 case IGNORE:
- setuid(getuid());
- setgid(getgid());
+ if (setgid(getgid()) < 0)
+ exit(1);
+ if (setuid(getuid()) < 0)
+ exit(1);
+ /* FALLTHROUGH */
 case SAVE:
 /* FALLTHROUGH */
--- src/xdefaults.c
+++ src/xdefaults.c
@@ -810,7 +810,7 @@
 ptr = ".";
 for (i = 0; i < (sizeof(xnames) / sizeof(xnames[0])); i++) {
- sprintf(fname, "%-.*s/%s", sizeof(fname) - STRLEN(xnames[i]) - 2,
+ snprintf(fname, sizeof(fname), "%-.*s/%s", sizeof(fname) - STRLEN(xnames[i]) - 2,
 ptr, xnames[i]);
 if ((rdb1 = XrmGetFileDatabase(fname)) != NULL) {
 XrmMergeDatabases(rdb1, &database);
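Review bot: In src/command.c the return value of `vsnprintf` is discarded, so a formatted reply longer than 255 bytes is silently truncated and the cut-off sequence is still handed to `rxvt_tt_write`. On a formatting error the call returns a negative value, and `STRLEN(buf)` then scans a buffer whose contents are unspecified. Capture the result with `int n = vsnprintf((char *)buf, sizeof(buf), fmt, arg_ptr);` and, after `va_end`, bail out with `if (n < 0 || (size_t)n >= sizeof(buf)) return;`, passing `n` as the length instead of re-measuring. The function's signature and callers are outside the hunk, so whether to drop or clamp an over-long reply should be confirmed against them.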
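Review bot: In src/main.c the added `# error Warning, no seteuid/setegid avaliable` stops compilation outright, so the `switch` beneath it, including the newly checked `setgid`/`setuid` calls, can never be built on the platforms this `# else` branch exists for. If refusing to build without seteuid/setegid is intended, the message should say so rather than "Warning" (and "avaliable" is misspelled); if the fallback is meant to stay usable, the directive should be a warning instead. Separately, both `exit(1)` paths terminate without a diagnostic, so a failed privilege drop is indistinguishable from any other startup failure; a line such as `fprintf(stderr, "unable to drop privileges\n");` before each exit would make it visible. The enclosing function starts and ends outside the hunk.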
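Review bot: In src/xdefaults.c the `.*` precision argument is still `sizeof(fname) - STRLEN(xnames[i]) - 2`, a `size_t` expression, while `printf`-family functions require an `int` there; the mismatch is undefined behaviour on platforms where the two types differ in width. The expression also wraps to a very large value if a name is ever longer than the buffer. Cast it explicitly, `(int)(sizeof(fname) - STRLEN(xnames[i]) - 2)`. The `snprintf` result is also ignored, so a truncated path would still be passed to `XrmGetFileDatabase`; store it in `n` and add `if (n < 0 || (size_t)n >= sizeof(fname)) continue;`. The declaration of `fname` and the origin of `ptr` are outside the hunk, so the buffer size and how `ptr` is derived should be checked there.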