diff --git a/clamav-devel/ChangeLog b/clamav-devel/ChangeLog
index da1f718a4..133b977d1 100644
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@@ -1,3 +1,10 @@
+Fri Apr 29 00:42:45 CEST 2005 (tk)
+----------------------------------
+ * shared/misc.c: (Mac OS X only) execute ditto with execl to eliminate
+ potential security problem on multi-user OS X versions
+ (reported by Tim Morgan and
+ Kevin Amorin )
+
 Thu Apr 28 15:50:01 BST 2005 (njh)
 ----------------------------------
 * libclamav/mbox.c: Work around to handle long lines transmitted by
diff --git a/clamav-devel/shared/misc.c b/clamav-devel/shared/misc.c
index 29feed068..1e169c1a2 100644
--- a/clamav-devel/shared/misc.c
+++ b/clamav-devel/shared/misc.c
@@ -107,17 +107,22 @@ int filecopy(const char *src, const char *dest)
 {
 #ifdef C_DARWIN
- /* On Mac OS X use ditto and copy resource fork, too. */
- char *ditto = (char *) mcalloc(strlen(src) + strlen(dest) + 30, sizeof(char));
- sprintf(ditto, "/usr/bin/ditto --rsrc %s %s", src, dest);
+ pid_t pid;
- if(system(ditto)) {
- free(ditto);
- return -1;
+ /* On Mac OS X use ditto and copy resource fork, too. */
+ switch(pid = fork()) {
+ case -1:
+ return -1;
+ case 0:
+ execl("/usr/bin/ditto", "ditto", "--rsrc", src, dest, NULL);
+ perror("execv(ditto)");
+ break;
+ default:
+ wait(NULL);
+ return 0;
 }
- free(ditto);
- return 0;
+ return -1;
 #else
 char buffer[FILEBUFF];
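Review bot: The new `default:` branch in filecopy() returns 0 after `wait(NULL)` without looking at the child's exit status, so the function now reports success even when ditto fails or the exec never happens, whereas the removed `system()` path returned -1 on a non-zero status. In `case 0:` a failed `execl` falls through `break` to `return -1` inside the child, which then keeps running the caller's code as a second copy of the process; the child should end with `_exit()` there. Reaping with `waitpid(pid, &status, 0)` also avoids collecting an unrelated child, and the variadic sentinel is more portable as `(char *) NULL`. The rewrite below assumes `<sys/wait.h>` and `<errno.h>` are already included, which is not visible in this hunk; filecopy's body continues past the hunk in the `#else` branch.

```c
    pid_t pid;
    int status;

    switch(pid = fork()) {
	/* ... unchanged: case -1 returns -1 ... */
	case 0:
	    execl("/usr/bin/ditto", "ditto", "--rsrc", src, dest, (char *) NULL);
	    perror("execl(ditto)");
	    _exit(127);	/* never return into the caller's code from the child */
	default:
	    /* reap this child only, and retry if a signal interrupts the wait */
	    while(waitpid(pid, &status, 0) == -1) {
		if(errno != EINTR)
		    return -1;
	    }
	    /* success only when ditto exited normally with status 0 */
	    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
```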