--- src/cfkey.c	2006-02-28 00:04:26.000000000 +0000
+++ src/cfkey.c	2006-02-28 00:25:38.000000000 +0000
@@ -34,12 +34,12 @@
 
 char CFLOCK[CF_BUFSIZE];
 
-void Initialize ARGLIST((void));
+void Initialize ARGLIST((const char *));
 int RecursiveTidySpecialArea ARGLIST((char *name, struct Tidy *tp, int maxrecurse, struct stat *sb));
 
 /*****************************************************************************/
 
-int main()
+int main(int argc, char **argv)
 
 { unsigned long err;
   RSA *pair;
@@ -50,7 +50,12 @@
   EVP_CIPHER *cipher = EVP_des_ede3_cbc();
 
 
-Initialize();
+  if (argc > 1)
+    if (argv[1][0] != '/') {
+      fprintf(stderr, "%s: Must use explicit full paths when using a root prefix\n", argv[1]);
+      exit(1);
+    }
+Initialize(argc > 1 ? argv[1] : "");
  
 if (stat(CFPRIVKEYFILE,&statbuf) != -1)
    {
@@ -143,13 +148,14 @@
 /* Level 1                                                         */
 /*******************************************************************/
 
-void Initialize()
+void Initialize(const char *root)
 
 {
-umask(077);
+  umask(077);
+
  /* XXX Initialize workdir for non privileged users */
 
- strcpy(CFWORKDIR,WORKDIR);
+ snprintf(CFWORKDIR, sizeof(CFWORKDIR), "%s%s", root, WORKDIR);
 
  if (geteuid() > 0)
     {