=== modified file 'Makefile'
--- Makefile 2011-10-15 16:48:03 +0000
+++ Makefile 2011-11-24 21:12:35 +0000
@@ -250,7 +250,7 @@
 @echo "###################################################################"
 ./plugin-runner --plugin-dir=plugins.d \
 --config-file=plugin-runner.conf \
- --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
+ --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 $(CLIENTARGS)
 # Used by run-client
=== modified file 'plugin-runner.c'
--- plugin-runner.c 2011-10-09 12:32:13 +0000
+++ plugin-runner.c 2011-11-24 21:12:35 +0000
@@ -742,7 +742,7 @@
 }
 }
- {
+ if(getuid() == 0){
 /* Work around Debian bug #633582: */
 int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c 2011-11-14 20:55:32 +0000
+++ plugins.d/mandos-client.c 2011-11-24 21:12:35 +0000
@@ -1388,13 +1388,17 @@
 } else {
 int devnull = open("/dev/null", O_RDONLY);
 for(int i = 0; i < numhooks; i++){
- direntry = direntries[0];
+ direntry = direntries[i];
 char *fullname = NULL;
 ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
 if(ret < 0){
 perror_plus("asprintf");
 continue;
 }
+ if(debug){
+ fprintf_plus(stderr, "Running network hook \"%s\"\n",
+ direntry->d_name);
+ }
 pid_t hook_pid = fork();
 if(hook_pid == 0){
 /* Child */
@@ -1669,7 +1673,7 @@
 }
 }
- {
+ if(getuid() == 0){
 /* Work around Debian bug #633582: */
 struct stat st;
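Review bot: The debug message added in the `@@ -1388` hunk of plugins.d/mandos-client.c logs only `direntry->d_name`, although `fullname`, built from `hookdir` a few lines above, is already available and is presumably the path the forked child runs. The Makefile hunk shows the hook directory is now selectable with `--network-hook-dir`, so the log should record the full path of what is about to be run: `fprintf_plus(stderr, "Running network hook \"%s\"\n", fullname);`. The loop body and the child branch continue outside the hunk, so how `fullname` is used and released cannot be checked from here.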
@@ -1733,20 +1737,24 @@
 /* Run network hooks */
 {
- /* Re-raise priviliges */
- errno = 0;
- ret = seteuid(0);
- if(ret == -1){
- perror_plus("seteuid");
+ if(getuid() == 0){
+ /* Re-raise priviliges */
+ errno = 0;
+ ret = seteuid(0);
+ if(ret == -1){
+ perror_plus("seteuid");
+ }
 }
 if(not run_network_hooks("start", interface, delay)){
 goto end;
 }
- /* Lower privileges */
- errno = 0;
- ret = seteuid(uid);
- if(ret == -1){
- perror_plus("seteuid");
+ if(getuid() == 0){
+ /* Lower privileges */
+ errno = 0;
+ ret = seteuid(uid);
+ if(ret == -1){
+ perror_plus("seteuid");
+ }
 }
 }
@@ -2206,10 +2214,12 @@
 /* Re-raise priviliges */
 {
- errno = 0;
- ret = seteuid(0);
- if(ret == -1){
- perror_plus("seteuid");
+ if(getuid() == 0){
+ errno = 0;
+ ret = seteuid(0);
+ if(ret == -1){
+ perror_plus("seteuid");
+ }
 }
 /* Run network hooks */
 if(not run_network_hooks("stop", interface, delay)){
@@ -2234,11 +2244,13 @@
 }
 }
 }
- /* Lower privileges permanently */
- errno = 0;
- ret = setuid(uid);
- if(ret == -1){
- perror_plus("setuid");
+ if(getuid() == 0){
+ /* Lower privileges permanently */
+ errno = 0;
+ ret = setuid(uid);
+ if(ret == -1){
+ perror_plus("setuid");
+ }
 }
 /* Removes the GPGME temp directory and all files inside */
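Review bot: In the `@@ -1733` hunk a failed `seteuid(uid)` after the "start" hooks is only reported with `perror_plus` and execution falls through, so whatever follows this block would run with effective uid 0. A privilege drop that fails should stop the client; the block already uses `goto end` for a hook failure, so the inner check could read `if(ret == -1){ perror_plus("seteuid"); goto end; }`. The same report-and-continue handling is kept for `setuid(uid)` under "Lower privileges permanently" in the `@@ -2234` hunk, directly before the GPGME temp directory removal. The enclosing function starts and ends outside both hunks.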
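Review bot: The guard added in the `@@ -2234` hunk, like those in `@@ -1669`, `@@ -1733` and `@@ -2206`, tests the real uid with `getuid()`, while the calls it wraps change the effective uid. If the client can start with effective uid 0 under a non-root real uid (for example through a setuid bit, which this diff does not show), the permanent `setuid(uid)` drop is now skipped and the cleanup after it runs as root. Where `uid` is assigned is outside the hunks, so this needs confirming against the start of the function. For the lowering paths the check is safer on the effective uid, `if(geteuid() == 0){`. Each guard would also benefit from a one-line comment on why the step is skipped for non-root runs, apparently to let the Makefile's run-client target work unprivileged.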