------------------
--- amavisd~	Thu Dec 16 16:07:25 2004
+++ amavisd	Fri Dec 17 16:28:44 2004
@@ -5421,16 +5421,27 @@
             "  http://www.ijs.si/software/amavisd/#net-server-sec",
             "or start as non-root, e.g. by su(1) or using option -u user");
-  }
-  if ($daemon_chroot_dir eq '') {
+  } elsif ($daemon_chroot_dir eq '') {
+    # A quick check on vulnerability/protection of a config file
+    # (non-exhaustive: doesn't test for symlink tricks and higher directories).
+    # The config file has already been executed by now, so it may be
+    # too late to feel sorry now, but better late then never.
     for my $config_file (@config_files) {
-      my($errn) = stat($config_file) ? 0 : 0+$!;
-      if ($errn) {  # not accessible, don't bother
-      } elsif (-w _) {
-        push(@msg, "Config file \"$config_file\" is writable ".
-                   "by EUID $>, EGID $)" );
-      } elsif (rename($config_file, $config_file)) {
-        push(@msg, "Directory of a config file \"$config_file\" is writable ".
-                   "by EUID $>, EGID $)" );
+      my($fh) = IO::File->new;
+      my($errn) = lstat($config_file) ? 0 : 0+$!;
+      if ($errn) {  # not accessible, don't bother to test further
+      } elsif ($fh->open($config_file,'+<')) {
+        push(@msg, "Config file \"$config_file\" is writable, ".
+                   "UID $<, EUID $>, EGID $)" );
+        $fh->close;  # close, ignoring status
+      } elsif (rename($config_file, $config_file.'.moved')) {
+        my($m) = 'appears writable (unconfirmed)';
+        if (!-e $config_file && -e $config_file.'.moved') {
+          rename($config_file.'.moved', $config_file);  # try to rename back
+          $m = 'is writable (confirmed)';
+        }
+        push(@msg, "Directory of a config file \"$config_file\" $m, ".
+                   "UID $<, EUID $>, EGID $)" );
       }
+      last  if @msg;
     }
   }
------------------