Added setreuid() calls so that shell escapes work.

The effective ID's need to be set to the real ID's before invoking
a shell for security reasons.

gnu/usr.bin/man/man/Makefile

@@ -16,7 +16,8 @@ MAN1=   ${.CURDIR}/man.1
 .endif
 
 DPADD+=  ${MAN1}
-CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF -DDO_UNCOMPRESS -DALT_SYSTEMS
+CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF 
+CFLAGS+= -DDO_UNCOMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=664
 CLEANFILES+=	${MAN1}
 
 ${MAN1}: ${.CURDIR}/man.man

gnu/usr.bin/man/man/man.c

@@ -16,6 +16,7 @@
 
 #define MAN_MAIN
 
+#include <sys/types.h>
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
@@ -104,6 +105,13 @@ static char args[] = "M:P:S:adfhkp:w?";
 #endif
 #endif
 
+#ifdef SETREUID
+uid_t ruid;
+uid_t euid;
+uid_t rgid;
+uid_t egid;
+#endif
+
 int
 main (argc, argv)
      int argc;
@@ -138,6 +146,15 @@ main (argc, argv)
 	gripe_no_name (tmp);
     }
 
+#ifdef SETREUID
+  ruid = getuid();
+  rgid = getgid();
+  euid = geteuid();
+  egid = getegid();
+  setreuid(-1, ruid);
+  setregid(-1, rgid);
+#endif
+
   while (optind < argc)
     {
       nextarg = argv[optind++];
@@ -1136,7 +1153,28 @@ format_and_display (path, man_file, cat_file)
 	    }
 	  else
 	    {
+
+#ifdef SETREUID
+	      setreuid(-1, euid);
+	      setregid(-1, egid);
+#endif
+
 	      found = make_cat_file (path, man_file, cat_file);
+
+#ifdef SETREUID
+	      setreuid(-1, ruid);
+	      setregid(-1, rgid);
+
+	      if (!found)
+	        {
+		  /* Try again as real user - see note below.
+		     By running with 
+		       effective group (user) ID == real group (user) ID
+		     except for the call above, I believe the problems
+		     of reading private man pages is avoided.  */
+		  found = make_cat_file (path, man_file, cat_file);
+	        }
+#endif
 #ifdef SECURE_MAN_UID
 	      if (!found)
 		{