> > There could be a helper setuid program, man-cache-writer. man would call > > this program and pipe it the catpage. man-cache-writer would just write it's > > stding to the proper place. End of the problems. > > No so simple. You don't want the trusted program trusting the output of > a non-trusted program.
Qhat if the man binary is setgid man, and this utility can only be run by that group? > A start to fix the current problems is to: > 1. drop privs if reading a man page that's not going to be cached > anyway. (E.g., a page in your private home directory.) > 2. and in that case ignore tmpdir. store temporary files in a directory > writable only my user man. That seems sensible.