diff --git a/main.cc b/main.cc
index 08a1b0278..00e35abde 100644
--- a/main.cc
+++ b/main.cc
@@ -132,6 +132,15 @@ extern NmapOps o; /* option structure */
 extern void set_program_name(const char *name);
+/* Show a warning when running setuid or setgid, as this allows code execution
+ (for example NSE scripts) as the owner/group. */
+static void check_setugid(void) {
+ if (getuid() != geteuid())
+ log_write(LOG_PLAIN, "WARNING: Running Nmap setuid, as you are doing, is a major security risk.\n");
+ if (getgid() != getegid())
+ log_write(LOG_PLAIN, "WARNING: Running Nmap setgid, as you are doing, is a major security risk.\n");
+}
+
 int main(int argc, char *argv[]) {
 /* The "real" main is nmap_main(). This function hijacks control at the beginning to do the following:
@@ -148,6 +157,9 @@ int main(int argc, char *argv[]) {
 set_program_name(argv[0]);
+ /* Warn if setuid/setgid. */
+ check_setugid();
+
 #ifdef __amigaos__
 if(!OpenLibs()) {
 error("Couldn't open TCP/IP Stack Library(s)!");
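Review bot: Both warnings in check_setugid() are emitted with `log_write(LOG_PLAIN, ...)`, which as far as I can tell writes to standard output, so the message is lost or mixed into scan results whenever stdout is piped or redirected. Sending it to stderr keeps it visible to the operator, e.g. `error("WARNING: Running Nmap setuid, as you are doing, is a major security risk.");`, and likewise for the setgid message. The AmigaOS block in the second hunk already calls `error()`; drop the trailing `\n` if that helper appends its own newline. The function and its call in main() are also unconditional and no platform guard is visible in either hunk, so builds for targets without getuid()/geteuid() would presumably need `#ifndef WIN32` around both. The check only warns and main() carries on, so if the intent is to stop NSE scripts running under an elevated effective id, that needs a hard exit or a privilege drop rather than a message.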