Index: usr.sbin/newsyslog/newsyslog.c
===================================================================
--- usr.sbin/newsyslog/newsyslog.c
+++ usr.sbin/newsyslog/newsyslog.c
@@ -1193,6 +1193,26 @@
 if (!sscanf(q, "%o", &working->permissions))
 errx(1, "error in config file; bad permissions:\n%s", errline);
+ if ((working->permissions & ~DEFFILEMODE) != 0) {
+ if ((working->permissions & (S_ISUID|S_ISGID)) != 0) {
+ warnx("cowardly refusing to create setuid "
+ "logfile in line:\n%s", errline);
+ working->permissions &= ~(S_ISUID|S_ISGID);
+ }
+ if ((working->permissions & (S_IXUSR|S_IXGRP|S_IXOTH))
+ != 0) {
+ warnx("cowardly refusing to create executable "
+ "logfile in line:\n%s", errline);
+ working->permissions &=
+ ~(S_IXUSR|S_IXGRP|S_IXOTH);
+ }
+ if ((working->permissions & ~DEFFILEMODE) != 0)
+ warnx("removing unsupported file mode bits 0%o"
+ " in line:\n%s",
+ working->permissions & ~DEFFILEMODE,
+ errline);
+ working->permissions &= DEFFILEMODE;
+ }
 q = parse = missing_field(sob(parse + 1), errline);
 parse = son(parse);
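Review bot: The final mask `working->permissions &= DEFFILEMODE;` still lets the group- and other-write bits through, so a config line asking for a world-writable log (for example mode 666) is accepted with no diagnostic, even though the hunk warns about setuid, setgid and execute bits. If the aim is to keep newsyslog from creating risky log files, consider a matching warning such as `if ((working->permissions & S_IWOTH) != 0) warnx("world-writable logfile mode in line:\n%s", errline);`. The first warning also prints "setuid" when only `S_ISGID` is set; "setuid/setgid" would be accurate. The enclosing parser function starts and ends outside this hunk, so how the sanitized mode is later applied to the file is not visible here.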