diff --git a/util/ChangeLog b/util/ChangeLog
index c6d64aa6a..48d216e74 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jun 8 20:22:00 CEST 2000 Werner Koch
+
+ * secmem.c (lock_pool,secmem_init): Additional check for dropped privs.
+
 Tue May 30 16:37:55 CEST 2000 Werner Koch
 * iobuf.c (iobuf_cancel): Fix for MSDOS.
diff --git a/util/secmem.c b/util/secmem.c
index 54836cbcf..8b80370c1 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -128,7 +128,9 @@ lock_pool( void *p, size_t n )
 #endif
 if( uid && !geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ /* check that we really dropped the privs.
+ * Note: setuid(0) should always fail */
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
 log_fatal("failed to reset uid: %s\n", strerror(errno));
 }
@@ -260,7 +262,7 @@ secmem_init( size_t n )
 disable_secmem=1;
 uid = getuid();
 if( uid != geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
 log_fatal("failed to drop setuid\n" );
 }
 #endif
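Review bot: In the lock_pool hunk the fatal message still prints `strerror(errno)`, but when the new `!setuid(0)` condition is the one that fires, no call has failed and errno was not set by it. The log can then show a stale or "Success" text in exactly the case where the privileges were not really dropped, which makes the event hard to triage. Consider reporting that case on its own after the existing check, e.g. `if( !setuid(0) ) log_fatal("privileges could be regained after setuid(uid)\n");`. The explanatory comment added here is missing from the identical check in the secmem_init hunk. lock_pool's body starts and ends outside the hunk.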
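Review bot: The added `!setuid(0)` in secmem_init is not guarded by a non-zero real uid, unlike lock_pool, where the block only runs under `uid && !geteuid()`. If the real uid is 0 and the effective uid differs (root running a binary that is setuid to another user), `setuid( uid )` puts the process back at uid 0 and the following `setuid(0)` legitimately succeeds, so the process would abort with "failed to drop setuid". This looks unintended and should be confirmed against the supported install modes. A guarded form would be `if( setuid( uid ) || getuid() != geteuid() || (uid && !setuid(0)) )`, with a short comment saying that `setuid(0)` is expected to fail once privileges are dropped. secmem_init's body starts and ends outside the hunk.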