Re: our broken man package
> > There could be a helper setuid program, man-cache-writer. man would call
> > this program and pipe it the catpage. man-cache-writer would just write its
> > stdin to the proper place. End of the problems.
> Not so simple. You don't want the trusted program trusting the output of
> a non-trusted program.
What if the man binary is setgid man, and this utility can only be run by
> A start to fix the current problems is to:
> 1. drop privs if reading a man page that's not going to be cached
> anyway. (E.g., a page in your private home directory.)
> 2. and in that case ignore tmpdir. store temporary files in a directory
> writable only by user man.
That seems sensible.
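
Point 1 of the quoted list, sketched in C as an added example (not code from this thread or from the man package): decide from the resolved page path whether the result would be cached, and if not, give up the setuid/setgid identity for good before any formatter or temporary file is touched. The cache roots and all function names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed hierarchies whose formatted pages are cached (illustrative). */
static const char *const cache_roots[] = { "/usr/share/man", "/usr/local/man", NULL };

/* 1 if the path lies under a cached root. Pass a realpath()-resolved path,
 * otherwise ".." or a symlink could fake the prefix match. */
int page_is_cacheable(const char *canonical)
{
    for (size_t i = 0; cache_roots[i] != NULL; i++) {
        size_t n = strlen(cache_roots[i]);
        if (strncmp(canonical, cache_roots[i], n) == 0 && canonical[n] == '/')
            return 1;
    }
    return 0;
}

/* Permanently revert to the invoking user. Group first: once the uid is
 * dropped the process may no longer be allowed to change its gid. */
int drop_privs_permanently(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    return (getegid() == rgid && geteuid() == ruid) ? 0 : -1;
}

/* Returns 1 if privileges are kept for caching, 0 if dropped, -1 on error. */
int prepare_for_page(const char *canonical)
{
    if (page_is_cacheable(canonical)) return 1;
    return drop_privs_permanently();
}

int main(int argc, char **argv)
{
    char resolved[PATH_MAX];
    if (argc != 2 || realpath(argv[1], resolved) == NULL) return 2;
    int kept = prepare_for_page(resolved);
    if (kept < 0) return 1;   /* refuse to continue if the drop failed */
    printf("%s: privileges %s\n", resolved, kept ? "kept" : "dropped");
    return 0;
}
```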