On Fri, Jan 05, 2001 at 01:09:17AM -0300, Nicolás Lichtmaier wrote: > There could be a helper setuid program, man-cache-writer. man would call > this program and pipe it the catpage. man-cache-writer would just write it's > stding to the proper place. End of the problems.
No so simple. You don't want the trusted program trusting the output of a non-trusted program. A start to fix the current problems is to: 1. drop privs if reading a man page that's not going to be cached anyway. (E.g., a page in your private home directory.) 2. and in that case ignore tmpdir. store temporary files in a directory writable only my user man. -- Mike Stone