changeset 824:02cda88b44e2 HEAD

Make sure the SSL parameters file has correct permissions before using it. Also use the effective uid/gid for checking the base dir instead of assuming root's.
author Timo Sirainen <tss@iki.fi>
date Sat, 21 Dec 2002 14:42:36 +0200
parents d00ce0e4de7f
children 8afbafd5deac
files src/master/settings.c src/master/ssl-init.c
diffstat 2 files changed, 8 insertions(+), 5 deletions(-) [+]
--- a/src/master/settings.c	Sat Dec 21 14:35:34 2002 +0200
+++ b/src/master/settings.c	Sat Dec 21 14:42:36 2002 +0200
@@ -233,7 +233,7 @@
 
 	/* since they're under /var/run by default, they may have been
 	   deleted. */
-	if (safe_mkdir(PKG_RUNDIR, 0700, 0, 0) == 0) {
+	if (safe_mkdir(PKG_RUNDIR, 0700, geteuid(), getegid()) == 0) {
 		i_warning("Corrected permissions for base directory %s",
 			  PKG_RUNDIR);
 	}
--- a/src/master/ssl-init.c	Sat Dec 21 14:35:34 2002 +0200
+++ b/src/master/ssl-init.c	Sat Dec 21 14:42:36 2002 +0200
@@ -67,13 +67,14 @@
 static void check_parameters_file(void)
 {
 	struct stat st;
+	time_t regen_time;
 
 	if (set_ssl_parameters_file == NULL || set_ssl_disable || generating)
 		return;
 
-	if (stat(set_ssl_parameters_file, &st) != 0) {
+	if (lstat(set_ssl_parameters_file, &st) < 0) {
 		if (errno != ENOENT) {
-			i_error("stat() failed for SSL parameters file %s: %m",
+			i_error("lstat() failed for SSL parameters file %s: %m",
 				set_ssl_parameters_file);
 			return;
 		}
@@ -81,8 +82,10 @@
 		st.st_mtime = 0;
 	}
 
-	if (st.st_mtime +
-	    (time_t)(set_ssl_parameters_regenerate*3600) < ioloop_time)
+	/* make sure it's new enough and the permissions are correct */
+        regen_time = st.st_mtime + (time_t)(set_ssl_parameters_regenerate*3600);
+	if (regen_time < ioloop_time || (st.st_mode & 077) != 0 ||
+	    st.st_uid != geteuid() || st.st_gid != getegid())
 		start_generate_process();
 }
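Review bot: The new condition at the end of check_parameters_file reads `st.st_mode`, `st.st_uid` and `st.st_gid`, but in the ENOENT path only `st.st_mtime` is assigned (one line of that branch lies between the two hunks), so those fields are uninitialized and get evaluated whenever `regen_time < ioloop_time` is false, e.g. with a large regenerate interval; clearing the whole struct there with `memset(&st, 0, sizeof st);` in place of `st.st_mtime = 0;` (needs `<string.h>`) removes the undefined read. Since the previous hunk switched from stat() to lstat(), the check now also accepts a non-regular file at the path as long as its mode bits and ownership pass, which on systems where symlink permissions are not fixed at 0777 lets a symlink or directory slip through; adding `!S_ISREG(st.st_mode)` to the condition would make anything that is not a regular file trigger regeneration too. The `regen_time =` assignment line is indented with spaces while the surrounding file uses tabs.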