From e5082edc10b12a5c87452f1bffef085390033289 Mon Sep 17 00:00:00 2001 From: Andrew Moore Date: Tue, 27 Jul 1993 02:54:46 +0000 Subject: [PATCH] Added setreuid() calls so that shell escapes work. The effective ID's need to be set to the real ID's before invoking a shell for security reasons. --- gnu/usr.bin/man/man/Makefile | 3 ++- gnu/usr.bin/man/man/man.c | 38 ++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/gnu/usr.bin/man/man/Makefile b/gnu/usr.bin/man/man/Makefile index 052572324e5c..a9083b447ed8 100644 --- a/gnu/usr.bin/man/man/Makefile +++ b/gnu/usr.bin/man/man/Makefile @@ -16,7 +16,8 @@ MAN1= ${.CURDIR}/man.1 .endif DPADD+= ${MAN1} -CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF -DDO_UNCOMPRESS -DALT_SYSTEMS +CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF +CFLAGS+= -DDO_UNCOMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=664 CLEANFILES+= ${MAN1} ${MAN1}: ${.CURDIR}/man.man diff --git a/gnu/usr.bin/man/man/man.c b/gnu/usr.bin/man/man/man.c index e8026f6ff3c5..3b6e2bff779f 100644 --- a/gnu/usr.bin/man/man/man.c +++ b/gnu/usr.bin/man/man/man.c @@ -16,6 +16,7 @@ #define MAN_MAIN +#include #include #include #include @@ -104,6 +105,13 @@ static char args[] = "M:P:S:adfhkp:w?"; #endif #endif +#ifdef SETREUID +uid_t ruid; +uid_t euid; +uid_t rgid; +uid_t egid; +#endif + int main (argc, argv) int argc; @@ -138,6 +146,15 @@ main (argc, argv) gripe_no_name (tmp); } +#ifdef SETREUID + ruid = getuid(); + rgid = getgid(); + euid = geteuid(); + egid = getegid(); + setreuid(-1, ruid); + setregid(-1, rgid); +#endif + while (optind < argc) { nextarg = argv[optind++]; 
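Review bot: `-DCATMODE=664` is added next to `-DSETREUID`, but the commit message does not mention it. If CATMODE is the mode applied to generated cat files (its use is not visible in this patch), 664 makes them group-writable, so any member of the owning group could alter the formatted pages other users read. A one-line comment above the flag would make the choice reviewable, e.g. `# CATMODE=664: cat pages are group-writable; the owning group must be trusted`.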
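Review bot: In the new `#ifdef SETREUID` globals of man.c, `rgid` and `egid` are declared `uid_t`, although they hold the results of getgid()/getegid() and are passed to setregid(). They should be `gid_t rgid;` and `gid_t egid;`, since the two types are not guaranteed to have the same width or signedness. All four variables are also external globals with very generic names; `static` would keep them out of the link namespace, provided no other file in the program refers to them (not visible from this hunk).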
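Review bot: The `setreuid(-1, ruid);` and `setregid(-1, rgid);` calls added to main() ignore their return values, so if either fails man carries on with the installed effective IDs. The shell escapes this commit is meant to protect would then run with those IDs. Check both calls and stop on failure, e.g. `if (setreuid(-1, ruid) < 0 || setregid(-1, rgid) < 0) { perror("man"); exit(1); }`. The same applies to the two calls that drop back to the real IDs after make_cat_file() in the format_and_display hunk. main() continues outside this hunk.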
@@ -1136,7 +1153,28 @@ format_and_display (path, man_file, cat_file) } else { + +#ifdef SETREUID + setreuid(-1, euid); + setregid(-1, egid); +#endif + found = make_cat_file (path, man_file, cat_file); + +#ifdef SETREUID + setreuid(-1, ruid); + setregid(-1, rgid); + + if (!found) + { + /* Try again as real user - see note below. + By running with + effective group (user) ID == real group (user) ID + except for the call above, I believe the problems + of reading private man pages is avoided. */ + found = make_cat_file (path, man_file, cat_file); + } +#endif #ifdef SECURE_MAN_UID if (!found) {
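Review bot: The first make_cat_file() call in format_and_display() now runs with the effective uid/gid restored, and everything it does inherits them, not just the creation of the cat file. If make_cat_file() runs the formatter through a shell (its body is outside this hunk), that pipeline executes with the elevated IDs on a path and environment the invoking user influences, which is what the commit message says to avoid. Consider restoring the effective IDs only around the step that creates the cat file and running the formatting command with the real IDs. At minimum, the comment should say which operation needs the effective IDs, since "see note below" points at text outside this hunk. The function starts and ends outside the hunk.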