--- mysql-5.0.18/mysys/default.c 2005-12-21 22:39:32 +0300
+++ mysql-5.0.18/mysys/default.c.new 2006-01-26 23:54:58 +0300
@@ -623,6 +623,16 @@ static int search_default_file_with_ext(
 if (!(fp= my_fopen(name, O_RDONLY, MYF(0))))
 return 1; /* Ignore wrong files */
 
+ /* Check for untrusted source. */
+ {
+ struct stat st;
+ if (fstat (fileno(fp), &st) < 0)
+ goto success;
+
+ if (!getuid() && (st.st_uid || (st.st_mode & 022)))
+ goto success;
+ }
+
 while (fgets(buff, sizeof(buff) - 1, fp))
 {
 line++;
@@ -806,6 +816,7 @@ static int search_default_file_with_ext(
 goto err;
 }
 }
+ success:
 my_fclose(fp,MYF(0));
 return(0);
 
@@ -1002,6 +1013,9 @@ static void init_default_directories()
 *ptr++= env;
 #endif
 *ptr++= "/etc/";
+#ifdef DATADIR
+ *ptr++= DATADIR;
+#endif
 #endif
 if ((env= getenv(STRINGIFY_ARG(DEFAULT_HOME_ENV))))
 *ptr++= env;
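Review bot: The ownership and mode test in the added block runs only when `getuid()` returns 0, so it keys on the real UID and is skipped for a process whose effective UID is root while its real UID is not; `if (!geteuid() && (st.st_uid || (st.st_mode & 022)))` would cover that case as well. A rejected file is also skipped without any message, and the function still returns 0 through the `success:` label added in the second hunk, so an administrator cannot tell an ignored file from an empty one; a line such as `fprintf(stderr, "Warning: ignoring untrusted option file %s\n", name);` before the second `goto success;` would make the decision visible. `struct stat`, `fstat` and `getuid` need `<sys/stat.h>` and `<unistd.h>`, which this patch does not add, so they are presumably provided by an existing header, and if this file is also built for non-POSIX targets the block would need a platform guard. The body of search_default_file_with_ext starts and ends outside the hunk.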
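Review bot: Adding `DATADIR` to the search list in init_default_directories makes an option file in the data directory count for every program that reads defaults, while the trust check from the first hunk applies only when the caller's UID is 0. A data directory is commonly writable by the database service account rather than by root, so for non-root callers the contents of that file would be controlled by that account. That assumption should be checked against how DATADIR is provisioned and recorded next to the new entry, for example `/* Option files in DATADIR are read by root only when root-owned and not group/world-writable; see search_default_file_with_ext() */`. The neighbouring entry `"/etc/"` ends in a slash, a build-time DATADIR may not, and the array that `ptr` writes into is declared outside the hunk, so the path joining and the capacity for one more entry should both be confirmed. init_default_directories continues outside the hunk.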