File man-db-2.5.1-security4.dif of Package man

--- src/mandb.c
+++ src/mandb.c	2008-04-21 13:06:01.440910914 +0200
@@ -36,6 +36,7 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>	/* for chmod() */
+#include <fcntl.h>	/* for open () */
 #include <dirent.h>
 #include <unistd.h>
 
@@ -414,11 +415,20 @@ static short mandb (const char *catpath,
 	char pid[23];
 	short amount;
 	char *dbname;
+	int fd;
 
 	dbname = mkdbname (catpath);
 	sprintf (pid, "%d", getpid ());
 	database = appendstr (NULL, catpath, "/", pid, NULL);
-	
+
+	/* Just for the case that catpath isn't a system catpath */
+	drop_effective_privs ();
+	fd = open (database, O_WRONLY | O_CREAT | O_EXCL, 0644);
+	regain_effective_privs ();
+	if (fd < 0)
+		error (FATAL, errno, _("can't create a temporary filename"));
+	close(fd);
+
 	if (!quiet) 
 		printf (_("Processing manual pages under %s...\n"), manpath);
 #ifdef NDBM
openSUSE Build Service is sponsored by