Index: coregrind/m_commandline.c
===================================================================
--- coregrind/m_commandline.c (revision 8724)
+++ coregrind/m_commandline.c (working copy)
@@ -53,16 +53,31 @@
 // Note that we deliberately don't free the malloc'd memory. See
 // comment at call site.
-static HChar* read_dot_valgrindrc ( HChar* dir )
+static HChar* read_dot_valgrindrc ( HChar* dir, Bool checkmode )
 {
 Int n;
- SysRes fd;
+ SysRes sr, fd;
 Long size;
 HChar* f_clo = NULL;
 HChar filename[VKI_PATH_MAX];
+ struct vg_stat st;
 VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc", ( NULL == dir ? "" : dir ) );
+
+
+ if (checkmode) {
+ sr = VG_(stat)(filename, &st);
+
+ // Do not read the file if it couldn't be stat'd, if it is not owned by the
+ // current user or if it is world writable (CVE-2008-4865)
+ if (sr.isError || (VG_(geteuid)() != st.st_uid) || (st.st_mode & VKI_S_IWOTH))
+ {
+ return NULL;
+ }
+ }
+
+ fd = VG_(open)(filename, 0, VKI_S_IRUSR);
 if ( !fd.isError ) {
 size = VG_(fsize)(fd.res);
@@ -205,7 +220,7 @@
 // VG_(malloc)(). We do not free f1_clo and f2_clo as they get
 // put into VG_(args_for_valgrind) and so must persist.
 HChar* home = VG_(getenv)("HOME");
- HChar* f1_clo = home ? read_dot_valgrindrc( home ) : NULL;
+ HChar* f1_clo = home ? read_dot_valgrindrc( home, False ) : NULL;
 HChar* env_clo = VG_(strdup)( "commandline.sua.4", VG_(getenv)(VALGRIND_OPTS) );
 HChar* f2_clo = NULL;
@@ -216,7 +231,7 @@
 HChar cwd[VKI_PATH_MAX+1];
 Bool cwd_ok = VG_(get_startup_wd)(cwd, VKI_PATH_MAX);
 f2_clo = ( (cwd_ok && VG_STREQ(home, cwd))
- ? NULL : read_dot_valgrindrc(".") );
+ ? NULL : read_dot_valgrindrc(".", True) );
 }
 if (f1_clo) add_args_from_string( f1_clo );
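Review bot: The new owner/mode check in read_dot_valgrindrc is made with VG_(stat) on the path and the file is then opened by a separate VG_(open), which leaves a time-of-check/time-of-use gap: in a directory other users can write to (exactly the case checkmode=True exists for) `.valgrindrc` can be a symlink that is re-pointed, or the file replaced, between the stat and the open, so the descriptor that is read is not the file that was checked. The check should be made on the descriptor actually opened — fstat after VG_(open), closing the fd and returning NULL on rejection — and it is cheap to refuse group-writable files too (`VKI_S_IWGRP`), since a writable group on a shared machine is the same exposure as world-writable. The sketch below assumes the core exposes an fstat wrapper (VG_(fstat)) and VG_(close) alongside VG_(stat)/VG_(open); confirm the names in pub_core_libcfile.h before applying. The body of read_dot_valgrindrc (the read loop and its return) continues past the end of the hunk.

```c
   // … unchanged: declarations and VG_(snprintf) of filename; the stat-based
   //    checkmode block before VG_(open) is dropped …
   fd = VG_(open)(filename, 0, VKI_S_IRUSR);
   if ( !fd.isError ) {
      if (checkmode) {
         // Check the file we actually opened, not the path: a stat()-then-open()
         // pair can be raced in a directory other users can write to
         // (CVE-2008-4865). Reject files not owned by us or writable by
         // group/others.
         sr = VG_(fstat)(fd.res, &st);
         if (sr.isError || (VG_(geteuid)() != st.st_uid)
             || (st.st_mode & (VKI_S_IWGRP | VKI_S_IWOTH))) {
            VG_(close)(fd.res);
            return NULL;
         }
      }
      size = VG_(fsize)(fd.res);
      // … unchanged: read loop, return f_clo …
```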
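Review bot: The $HOME call site passes checkmode=False, so a ~/.valgrindrc that is not owned by the user or is world-writable (a shared or misconfigured home directory, or HOME pointing somewhere unusual) is still honoured while the same file in the cwd is refused. A user's own correctly-permissioned file passes the owner/mode test anyway, so `read_dot_valgrindrc( home, True )` costs nothing in the normal case and closes that gap; the only behaviour change is that a foreign-owned or world-writable ~/.valgrindrc is ignored, which is arguably what you want. If the distinction is intentional, at least label the bare booleans at the two call sites, e.g. `read_dot_valgrindrc( home, False /*checkmode*/ )`, and state the reason in the comment above the declarations. The enclosing function starts before this hunk.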