diff --git a/ChangeLog b/ChangeLog
index 806c27b054..be94f252aa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jul 11 12:59:23 2002 Shugo Maeda
+
+ * lib/resolv.rb: untaint strings read from /etc/hosts and
+ /etc/resolv.conf to prevent SecurityError when $SAFE==1.
+
 Tue Jul 9 20:03:55 2002 Keiju Ishitsuka
 
 * irb 0.9
diff --git a/lib/resolv.rb b/lib/resolv.rb
index 83246a135d..6316909583 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -284,12 +284,15 @@ class Resolv
 line.sub!(/#.*/, '')
 addr, hostname, *aliases = line.split(/\s+/)
 next unless addr
+ addr.untaint
+ hostname.untaint
 @addr2name[addr] = [] unless @addr2name.include? addr
 @addr2name[addr] << hostname
 @addr2name[addr] += aliases
 @name2addr[hostname] = [] unless @name2addr.include? hostname
 @name2addr[hostname] << addr
 aliases.each {|n|
+ n.untaint
 @name2addr[n] = [] unless @name2addr.include? n
 @name2addr[n] << addr
 }
@@ -689,6 +692,9 @@ class Resolv
 f.each {|line|
 line.sub!(/[#;].*/, '')
 keyword, *args = line.split(/\s+/)
+ args.each { |arg|
+ arg.untaint
+ }
 next unless keyword
 case keyword
 when 'nameserver'
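Review bot: `addr.untaint`, `hostname.untaint` and `n.untaint` clear the taint flag on whatever text the line contained, with no check that it has the shape of an address or host name, so under `$SAFE==1` every later consumer treats raw file content as vetted. I would check each field against the address and name formats this file accepts and untaint only on a match, and record the trust assumption in a comment such as `# hosts file is administrator-controlled; untaint so lookups work when $SAFE >= 1`. The second lib/resolv.rb hunk has the same shape: `args.each { |arg| arg.untaint }` runs before `next unless keyword` and for every keyword, so arguments of directives the `case` may never handle are untainted too; moving the untaint into the branches that actually use `args` would narrow it. `hostname` appears to be nil when a line holds only an address, and the following `@name2addr[hostname]` lines would then store nil as a key, which may deserve a guard if it is not intended. Both enclosing blocks start and end outside the hunks, so the file-opening code and the remaining `when` branches are not visible here.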