File man-db-2.7.1-security4.dif of Package man.29950

---
 src/mandb.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- src/mandb.c
+++ src/mandb.c	2016-12-16 07:14:50.995017235 +0000
@@ -439,17 +439,26 @@ static int mandb (struct dbpaths *dbpath
 	int ret, amount;
 	char *dbname;
 	int should_create;
+	int fd;
 
 	dbname = mkdbname (catpath);
 	database = xasprintf ("%s/%d", catpath, getpid ());
 
+	/* Just for the case that catpath isn't a system catpath */
+	drop_effective_privs ();
+	fd = open (database, O_WRONLY | O_CREAT | O_EXCL, 0644);
+	regain_effective_privs ();
+	if (fd < 0)
+		error (FATAL, errno, _("can't create a temporary filename"));
+	close(fd);
+
 	if (!quiet) 
 		printf (_("Processing manual pages under %s...\n"), manpath);
 
 	if (!STREQ (catpath, manpath)) {
 		char *cachedir_tag;
-		int fd;
 
+		drop_effective_privs ();
 		cachedir_tag = xasprintf ("%s/CACHEDIR.TAG", catpath);
 		fd = open (cachedir_tag, O_RDONLY);
 		if (fd < 0) {
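Review bot: `errno` is read in `error (FATAL, errno, ...)` only after `regain_effective_privs ()` has run, so a failure of the new `open` can be reported with whatever value that call left behind. Save it directly after the open (`int open_errno = errno;`) and pass `open_errno` to `error`. The probe file is also closed at once with `close(fd);`, so the `O_EXCL` guarantee holds only at creation time. If later code outside this hunk opens `database` by name with privileges regained, a catpath writable by the invoking user gives no assurance that the same file is still at that path; keeping the descriptor open, or comparing `fstat` results after the later open, would close that gap. mandb's body starts and ends outside the hunk.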
@@ -467,6 +476,7 @@ static int mandb (struct dbpaths *dbpath
 		if (global_manpath)
 			chown_if_possible (cachedir_tag);
 		check_chmod (cachedir_tag, DBMODE);
+		regain_effective_privs ();
 		free (cachedir_tag);
 	}
 
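Review bot: `chown_if_possible (cachedir_tag)` and `check_chmod (cachedir_tag, DBMODE)` now run before `regain_effective_privs ()`, that is, with effective privileges dropped. For a global manpath this may leave CACHEDIR.TAG owned by the invoking user, or make the ownership fix-up fail. If that is not intended, the regain belongs directly after the tag file is written. The matching `drop_effective_privs ()` sits at the top of the `if (!STREQ (catpath, manpath))` block in the previous hunk, and the lines between the two hunks are not visible here, so any early exit in that stretch should be checked for leaving privileges dropped. A comment above the drop, such as `/* CACHEDIR.TAG is created and fixed up as the invoking user */`, would record the intent.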