diff --git a/ChangeLog b/ChangeLog
index e94661fc3d..030fbf3cd9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sat Jun 12 10:02:26 2010  Yukihiro Matsumoto
+
+	* io.c (rb_f_syscall): should check argument string taint before
+	  invoking system calls.
+
 Thu Jun 10 14:45:28 2010  KOSAKI Motohiro
 
 	* ext/dl/dl.c (rb_dl_strdup): strdup() only allocates a buffer of
diff --git a/io.c b/io.c
index 3adca313a5..f7f17c85fb 100644
--- a/io.c
+++ b/io.c
@@ -5250,7 +5250,7 @@ rb_f_syscall(argc, argv)
 	VALUE v = rb_check_string_type(*argv);
 
 	if (!NIL_P(v)) {
-	    StringValue(v);
+	    SafeStringValue(v);
 	    rb_str_modify(v);
 	    arg[i] = (unsigned long)StringValueCStr(v);
 	}
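Review bot: The new `SafeStringValue(v)` in the io.c hunk checks taint on the converted string `v` rather than on `*argv`, which is the right object because `rb_check_string_type` may hand back a different string produced by `to_str`; that reasoning is not obvious at a glance and deserves a comment, e.g. `/* taint check on the converted string: to_str may return an object other than *argv */`. The check covers only string arguments; the syscall number and any non-string arguments handled elsewhere in the loop (outside this hunk) are presumably not taint-checked, so a one-line note at the top of rb_f_syscall saying the guard is limited to string buffers passed to the kernel would help the next reader judge its scope. The buffer handed over via `StringValueCStr(v)` still has no length check, which is pre-existing behaviour and not changed here. rb_f_syscall's body starts and ends outside the hunk.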