Apply to source tree by doing:
	cd /usr/src
	patch -p0 < 016_recover.patch

Apply to binary tree by doing:
	cd /usr/libexec
	patch -p3 vi.recover < 016_recover.patch
	rm vi.recover.orig	# if patch succeeds

Index: usr.bin/vi/build/recover
===================================================================
RCS file: /cvs/src/usr.bin/vi/build/recover,v
retrieving revision 1.7
retrieving revision 1.9
diff -u -r1.7 -r1.9
--- usr.bin/vi/build/recover	11 Jan 2001 04:56:52 -0000	1.7
+++ usr.bin/vi/build/recover	6 Nov 2001 23:31:08 -0000	1.9
@@ -78,6 +78,7 @@
 		close(RECFILE);
 		next;
 	}
+	$owner = (stat(_))[4];
 	if (! -f _ || ! -s _) {
 		unlink($file) unless -d _;
 		close(RECFILE);
@@ -95,16 +96,31 @@
 	# Delete any recovery files that have no (or more than one)
 	# corresponding backup file.
 	#
-	@backups = grep(/^X-vi-recover-path:/, @recfile);
-	unlink($file) unless $#backups == 0;
+	@backups = grep(m#^X-vi-recover-path:\s*\Q$recoverdir\E/+#, @recfile);
+	if (@backups != 1) {
+		unlink($file);
+		next;
+	}
 
 	#
-	# If recovery file is zero length, remove it.
-	# Else send mail to the user.
+	# Make a copy of the backup file path.
+	# We must not modify @backups directly since it contains
+	# references to data in @recfile which we pipe to sendmail.
 	#
-	$backups[0] =~ /^X-vi-recover-path:\s*(.*)[\r\n]*$/;
+	$backups[0] =~ m#^X-vi-recover-path:\s*\Q$recoverdir\E/+(.*)[\r\n]*$#;
 	$backup = $1;
-	if (! -s $backup) {
+
+	#
+	# If backup file is not rooted in the recover dir, ignore it.
+	# If backup file owner doesn't match recovery file owner, ignore it.
+	# If backup file is zero length or not a regular file, remove it.
+	# Else send mail to the user.
+	#
+	if ($backup =~ m#/# || !lstat($backup)) {
+		unlink($file);
+	} elsif ($owner != 0 && (stat(_))[4] != $owner) {
+		unlink($file);
+	} elsif (! -f _ || ! -s _) {
 		unlink($file, $backup);
 	} else {
 		open(SENDMAIL, "|$sendmail -t") ||