--- docs/xml/manual-core.xml
+++ docs/xml/manual-core.xml
@@ -1255,7 +1255,9 @@ processed earlier; for example, options precedence over those in ~/.valgrindrc. The first two are particularly useful for setting the default tool to
-use.
+use. Please note that the .valgrindrc file is ignored if
+it is world writeable or not owned by the current user.
+
 Any tool-specific options put in $VALGRIND_OPTS or the
--- coregrind/m_commandline.c
+++ coregrind/m_commandline.c
@@ -57,23 +57,33 @@ static HChar* read_dot_valgrindrc ( HCha
 {
 Int n;
 SysRes fd;
- Int size;
+ struct vki_stat stat_buf;
 HChar* f_clo = NULL;
 HChar filename[VKI_PATH_MAX];
 VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc", ( NULL == dir ? "" : dir ) );
 fd = VG_(open)(filename, 0, VKI_S_IRUSR);
+
 if ( !fd.isError ) {
- size = VG_(fsize)(fd.res);
- if (size > 0) {
- f_clo = VG_(malloc)(size+1);
- vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
- if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
- f_clo[n] = '\0';
+ Int res = VG_(fstat)( fd.res, &stat_buf );
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
+ if (!res && stat_buf.st_uid == VG_(geteuid)()
+ && (!(stat_buf.st_mode & VKI_S_IWOTH))) {
+ if ( stat_buf.st_size > 0) {
+ f_clo = VG_(malloc)(stat_buf.st_size+1);
+ vg_assert(f_clo);
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
+ if (n == -1) n = 0;
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
+ f_clo[n] = '\0';
+ }
 }
+ else
+ VG_(message)(Vg_UserMsg,
+ "%s was not read as it is world writeable or not owned by the "
+ "current user", filename);
+
 VG_(close)(fd.res);
 }
 return f_clo;
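Review bot: The new ownership/permission test in read_dot_valgrindrc rejects only a world-writable file (`VKI_S_IWOTH`), so a `.valgrindrc` that is group-writable in a group-shared working directory — presumably the same shared-directory scenario the CVE-2008-4865 fix targets — is still read and its options honoured. If the vki headers define the group-write bit alongside the `VKI_S_IWOTH` and `VKI_S_IRUSR` constants already used here, the mask can be widened to `&& !(stat_buf.st_mode & (VKI_S_IWOTH | VKI_S_IWGRP))) {`, and a regular-file test on `st_mode` would additionally keep a FIFO or device node placed in the directory from being opened and read. Separately, the new `else` branch prints "world writeable or not owned by the current user" also when `VG_(fstat)` itself failed (`res != 0`), which would mislead a user investigating the warning; a distinct message for the fstat-failure case would be clearer. The function's closing brace lies outside the hunk.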