diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d5e59a..739034d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.6.1
+### Changed
+- restrict temporary volumes used with docker plugins
+- restrict environment variables used with docker plugins
+
 ## 1.6.0
 ### Added
 - experimental support for remote debugging with tmate, disabled by default
diff --git a/engine/compiler/compiler.go b/engine/compiler/compiler.go
index 69a9aaa..6d9362c 100644
--- a/engine/compiler/compiler.go
+++ b/engine/compiler/compiler.go
@@ -123,6 +123,14 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
 	// create the workspace paths
 	base, path, full := createWorkspace(pipeline)
 
+	// reset the workspace path if attempting to mount
+	// volumes that are internal use only.
+	if isRestrictedVolume(full) {
+		base = "/drone/src"
+		path = ""
+		full = "/drone/src"
+	}
+
 	// if the source code is mounted from the host, the
 	// target mount path inside the container must be the
 	// full workspace path.
@@ -504,13 +512,24 @@ func (c *Compiler) isPrivileged(step *resource.Step) bool {
 	if len(step.Entrypoint) > 0 {
 		return false
 	}
+	if len(step.Volumes) > 0 {
+		return false
+	}
 	// privileged-by-default mode is disabled if the
-	// pipeline step mounts a restricted volume.
+	// pipeline step mounts a volume restricted for
+	// internal use only.
+	// note: this is deprecated.
 	for _, mount := range step.Volumes {
 		if isRestrictedVolume(mount.MountPath) {
 			return false
 		}
 	}
+	// privileged-by-default mode is disabled if the
+	// pipeline step attempts to use an environment
+	// variable restricted for internal use only.
+	if isRestrictedVariable(step.Environment) {
+		return false
+	}
 	// if the container image matches any image
 	// in the whitelist, return true.
 	for _, img := range c.Privileged {
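Review bot: The workspace reset in Compile silently overrides a pipeline whose workspace resolves to a restricted path, so a misconfigured (or deliberately probing) pipeline gets `/drone/src` with no signal to the author or the operator that the requested path was rejected. Since this is a security boundary, it is worth surfacing: either log the rejected `full` value before the reset, or return an error from Compile so the pipeline fails visibly rather than running in a different directory than declared. The check is also made only against `full`; whether `base` alone can be a restricted prefix depends on createWorkspace and isRestrictedVolume, which are outside the hunk, so please confirm that `full` is always the composite that the mount is created from. A comment such as `// the requested workspace targets a runner-internal volume; fall back to the default so a plugin cannot shadow internal mounts` would make the intent clearer than "reset the workspace path". Compile starts and ends outside this hunk.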
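Review bot: The new `if len(step.Volumes) > 0 { return false }` in isPrivileged makes the `for _, mount := range step.Volumes` loop that follows unreachable dead code, since the loop only runs when the slice is non-empty and that case has already returned. The added "note: this is deprecated." comment acknowledges this but leaves a reader wondering whether the loop still matters; either delete the loop or replace the comment with `// unreachable: any volume mount already disables privileged mode above; kept only until isRestrictedVolume callers are consolidated`. The `isRestrictedVariable(step.Environment)` check is a good addition, but it only inspects `step.Environment` at compile time; if environment entries are merged from other sources later in the pipeline (not visible in this hunk), confirm they pass through the same check, otherwise the restriction can be sidestepped. isPrivileged continues past the end of the hunk.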