May be the shortest way to manage this problem is to extract the "file saving" part from the whole process to a "save file helper", then make only this being setuid root and well secured by going setuid to the final user as soon as it starts. Just my 2¢...
May be the shortest way to manage this problem is to extract the "file saving" part from the whole process to a "save file helper", then make only this being setuid root and well secured by going setuid to the final user as soon as it starts. Just my 2¢...