diff --git a/src/configure.c b/src/configure.c
index 1a8153d..08aacb8 100644
--- a/src/configure.c
+++ b/src/configure.c
@@ -1,5 +1,5 @@
 /* $Id$ */
-/* Copyright (c) 2009 Pierre Pronchery <khorben@defora.org> */
+/* Copyright (c) 2010 Pierre Pronchery <khorben@defora.org> */
 /* This file is part of DeforaOS Devel configure */
 /* This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -331,7 +331,8 @@ static int _usage(void)
   -i	Include files directory (default: \"", prefs.includedir, "\")\n\
   -l	Library files directory (default: \"", prefs.libdir, "\")\n\
   -O	Force Operating System (default: auto-detected)\n\
-  -p	Installation directory prefix (default: \"", prefs.prefix, "\")\n");
+  -p	Installation directory prefix (default: \"", prefs.prefix, "\")\n\
+  -S	Warn about security risks\n");
 	return 1;
 }
 
@@ -343,7 +344,7 @@ int main(int argc, char * argv[])
 	int o;
 
 	_prefs_init(&prefs);
-	while((o = getopt(argc, argv, "d:i:l:nO:p:v")) != -1)
+	while((o = getopt(argc, argv, "d:i:l:nO:p:Sv")) != -1)
 		switch(o)
 		{
 			case 'b':
@@ -367,6 +368,9 @@ int main(int argc, char * argv[])
 			case 'p':
 				prefs.prefix = optarg;
 				break;
+			case 'S':
+				prefs.flags |= PREFS_S;
+				break;
 			case 'v':
 				prefs.flags |= PREFS_v;
 				break;
diff --git a/src/configure.h b/src/configure.h
index 001d819..7e8ca15 100644
--- a/src/configure.h
+++ b/src/configure.h
@@ -104,7 +104,8 @@ typedef struct _Prefs
 	char * os;
 } Prefs;
 # define PREFS_n	0x1
-# define PREFS_v	0x2
+# define PREFS_S	0x2
+# define PREFS_v	0x4
 typedef struct _Configure
 {
 	Prefs * prefs;
diff --git a/src/makefile.c b/src/makefile.c
index c6a522a..afffc73 100644
--- a/src/makefile.c
+++ b/src/makefile.c
@@ -1,5 +1,5 @@
 /* $Id$ */
-/* Copyright (c) 2009 Pierre Pronchery <khorben@defora.org> */
+/* Copyright (c) 2010 Pierre Pronchery <khorben@defora.org> */
 /* This file is part of DeforaOS Devel configure */
 /* This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -12,6 +12,8 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>. */
+/* TODO:
+ * - only check the PREFS_n flags inside a wrapper around fputs()/fprintf() */
 
 
 
@@ -1131,6 +1133,10 @@ static int _target_script(Configure * configure, FILE * fp,
 				": No script for target\n");
 		return 1;
 	}
+	if(configure->prefs->flags & PREFS_S)
+		error_set_print(PACKAGE, 0, "%s: %s%s%s", target, "the \"",
+				script,
+				"\" script is executed while compiling");
 	if(configure->prefs->flags & PREFS_n)
 		return 0;
 	fprintf(fp, "\n%s:", target);
@@ -1746,8 +1752,11 @@ static int _install_include(Config * config, FILE * fp, String const * include)
 	return 0;
 }
 
+static int _dist_check(Configure * configure, char const * target,
+		char const * mode);
 static int _install_dist(Configure * configure, FILE * fp)
 {
+	int ret = 0;
 	String const * p;
 	String * dist;
 	String * q;
@@ -1769,6 +1778,7 @@ static int _install_dist(Configure * configure, FILE * fp)
 		dist[i] = '\0';
 		if((m = config_get(configure->config, dist, "mode")) == NULL)
 			m = "0644";
+		ret |= _dist_check(configure, dist, m);
 		if((d = config_get(configure->config, dist, "install")) != NULL)
 		{
 			fprintf(fp, "%s%s\n", "\t$(MKDIR) $(DESTDIR)", d);
@@ -1781,6 +1791,34 @@ static int _install_dist(Configure * configure, FILE * fp)
 		i = 0;
 	}
 	string_delete(q);
+	return ret;
+}
+
+static int _dist_check(Configure * configure, char const * target,
+		char const * mode)
+{
+	char * p;
+	mode_t m;
+
+	m = strtol(mode, &p, 8);
+	if(mode[0] == '\0' || *p != '\0')
+		return error_set_print(PACKAGE, 1, "%s: %s%s%s", target,
+				"Invalid permissions \"", mode, "\"");
+	if((configure->prefs->flags & PREFS_S) && (m & 04000))
+		error_set_print(PACKAGE, 0, "%s: %s", target,
+				"Installed as a SUID file");
+	if((configure->prefs->flags & PREFS_S) && (m & 04000))
+		error_set_print(PACKAGE, 0, "%s: %s", target,
+				"Installed as a SGID file");
+	if((configure->prefs->flags & PREFS_S) && (m & 0111))
+		error_set_print(PACKAGE, 0, "%s: %s", target,
+				"Installed as an executable file");
+	if((configure->prefs->flags & PREFS_S) && (m & 0020))
+		error_set_print(PACKAGE, 0, "%s: %s", target,
+				"Installed as a group-writable file");
+	if((configure->prefs->flags & PREFS_S) && (m & 0002))
+		error_set_print(PACKAGE, 0, "%s: %s", target,
+				"Installed as a writable file");
 	return 0;
 }