diff --git a/mysql/mysys/default.c b/mysql/mysys/default.c
index b709b33..6dc5304 100644
--- a/mysql/mysys/default.c
+++ b/mysql/mysys/default.c
@@ -652,6 +652,16 @@ static int search_default_file_with_ext(Process_option_func opt_handler,
   if (!(fp= my_fopen(name, O_RDONLY, MYF(0))))
     return 1;					/* Ignore wrong files */
 
+  /* Check for untrusted source. */
+  {
+	  struct stat st;
+	  if (fstat (fileno(fp), &st) < 0)
+		  goto success;
+
+	  if (!getuid() && (st.st_uid || (st.st_mode & 022)))
+		  goto success;
+  }
+  
   while (fgets(buff, sizeof(buff) - 1, fp))
   {
     line++;
@@ -837,6 +847,7 @@ static int search_default_file_with_ext(Process_option_func opt_handler,
         goto err;
     }
   }
+  success:
   my_fclose(fp,MYF(0));
   return(0);
 
@@ -1087,6 +1098,9 @@ static const char **init_default_directories(MEM_ROOT *alloc)
     errors += add_directory(alloc, DEFAULT_SYSCONFDIR, dirs);
 #endif /* __EMX__ || __OS2__ */
 
+#ifdef MYSQL_DATADIR
+    errors += add_directory(alloc, MYSQL_DATADIR, dirs);
+#endif
 #endif
 
   if ((env= getenv(STRINGIFY_ARG(DEFAULT_HOME_ENV))))