diff -up emacs-23.1/lib-src/movemail.c.movemail emacs-23.1/lib-src/movemail.c
--- emacs-23.1/lib-src/movemail.c.movemail	2010-03-31 19:18:05.611899443 +0200
+++ emacs-23.1/lib-src/movemail.c	2010-03-31 19:24:29.738754553 +0200
@@ -176,7 +176,9 @@ main (argc, argv)
   int nread;
   int status;
   int c, preserve_mail = 0;
-
+  uid_t real_gid, priv_gid;
+  real_gid = getgid();
+  priv_gid = getegid();
 #ifndef MAIL_USE_SYSTEM_LOCK
   struct stat st;
   long now;
@@ -247,25 +249,6 @@ main (argc, argv)
   if (*outname == 0)
     fatal ("Destination file name is empty", 0, 0);
 
-  /* Check access to output file.  */
-  if (access (outname, F_OK) == 0 && access (outname, W_OK) != 0)
-    pfatal_with_name (outname);
-
-  /* Also check that outname's directory is writable to the real uid.  */
-  {
-    char *buf = (char *) xmalloc (strlen (outname) + 1);
-    char *p;
-    strcpy (buf, outname);
-    p = buf + strlen (buf);
-    while (p > buf && !IS_DIRECTORY_SEP (p[-1]))
-      *--p = 0;
-    if (p == buf)
-      *p++ = '.';
-    if (access (buf, W_OK) != 0)
-      pfatal_with_name (buf);
-    free (buf);
-  }
-
 #ifdef MAIL_USE_POP
   if (!strncmp (inname, "po:", 3))
     {
@@ -277,15 +260,11 @@ main (argc, argv)
       exit (status);
     }
 
-  setuid (getuid ());
+  if (setuid (getuid ()) < 0)
+    fatal ("Failed to drop privileges", 0, 0);
 #endif /* MAIL_USE_POP */
 
 #ifndef DISABLE_DIRECT_ACCESS
-
-  /* Check access to input file.  */
-  if (access (inname, R_OK | W_OK) != 0)
-    pfatal_with_name (inname);
-
 #ifndef MAIL_USE_MMDF
 #ifndef MAIL_USE_SYSTEM_LOCK
 #ifdef MAIL_USE_MAILLOCK
@@ -379,7 +358,8 @@ main (argc, argv)
       time_t touched_lock, now;
 #endif
 
-      setuid (getuid ());
+      if (setuid (getuid ()) < 0 || setegid (real_gid) < 0)
+	fatal("Failed to drop privileges", 0, 0);
 
 #ifndef MAIL_USE_MMDF
 #ifdef MAIL_USE_SYSTEM_LOCK
@@ -405,6 +385,9 @@ main (argc, argv)
       if (outdesc < 0)
 	pfatal_with_name (outname);
 
+      if (setegid (priv_gid) < 0)
+        fatal("Failed to regain privileges", 0, 0);
+
       /* This label exists so we can retry locking
 	 after a delay, if it got EAGAIN or EBUSY.  */
     retry_lock:
@@ -502,6 +485,10 @@ main (argc, argv)
       if (close (outdesc) != 0)
 	pfatal_and_delete (outname);
 
+      /* Prevent symlink attacks truncating other users' mailboxes */
+      if (setegid (real_gid) < 0)
+	fatal("Failed to drop privileges", 0, 0);
+
 #ifdef MAIL_USE_SYSTEM_LOCK
       if (! preserve_mail)
 	{
@@ -529,6 +516,10 @@ main (argc, argv)
 	}
 #endif /* not MAIL_USE_SYSTEM_LOCK */
 
+      /* End of mailbox truncation */
+      if (setegid (priv_gid) < 0)
+	fatal("Failed to regain privileges", 0, 0);
+
 #ifdef MAIL_USE_MAILLOCK
       /* This has to occur in the child, i.e., in the process that
          acquired the lock! */