--- inn-2.3.1/innd/inndstart.c.sec	Thu Jan 11 09:55:23 2001
+++ inn-2.3.1/innd/inndstart.c	Mon Jan 22 15:01:08 2001
@@ -192,9 +192,10 @@
     if (ReadInnConf() < 0) exit(1);
 
     /* Ensure that pathrun exists and that it has the right ownership. */
-    if (stat(innconf->pathrun, &Sb) < 0) {
-        syslog(L_FATAL, "can't stat pathrun (%s): %m", innconf->pathrun);
-        fprintf(stderr, "Can't stat pathrun (%s): %s\n", innconf->pathrun,
+    /* hardcode dirname to avoid security problems - notting 1999/05/21 */
+    if (stat("/var/run/news", &Sb) < 0) {
+        syslog(L_FATAL, "can't stat pathrun (/var/run/news): %m");
+        fprintf(stderr, "Can't stat pathrun (/var/run/news): %s\n",
                 strerror(errno));
         exit(1);
     }