coredump: don't allow ".." in coredump socket path

There's no point in allowing to walk upwards for the coredump socket. We already force userspace to give use a sane path, no symlinks, no magiclinks, and also block "..". Use an absolute path without any shenanigans. Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-6-315c0c34ba94@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
2025-12-27 12:21:22 -05:00 · 2025-06-12 15:25:20 +02:00
parent 0da3e3822c
commit edfe3bdbbb
1 changed files with 4 additions and 0 deletions
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1418,6 +1418,10 @@ static inline bool check_coredump_socket(void)
 	if (strlen(p) >= UNIX_PATH_MAX)
 		return false;

+	/* Must not contain ".." in the path. */
+	if (name_contains_dotdot(core_pattern))
+		return false;
+
 	return true;
 }