There's no point in allowing to walk upwards for the coredump socket. We already force userspace to give us a sane path, no symlinks, no magiclinks, and also block "..". Use an absolute path without any shenanigans. Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx> --- fs/coredump.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/coredump.c b/fs/coredump.c index a64b87878ab3..8437bdc26d08 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -1418,6 +1418,10 @@ static inline bool check_coredump_socket(void) if (strlen(p) >= UNIX_PATH_MAX) return false; + /* Must not contain ".." in the path. */ + if (name_contains_dotdot(core_pattern)) + return false; + return true; } -- 2.47.2
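Review bot: in check_coredump_socket() the added name_contains_dotdot() call is given core_pattern, whereas the length check directly above it tests p. If p is the socket path inside core_pattern, passing p would make both checks validate the same string; if scanning the whole pattern is intended, the comment should say so, since it currently reads "in the path". The commit message also says ".." is already blocked and asks for an absolute path, but the only change visible in this hunk is the ".." rejection, so the message should be reworded to describe the check that is actually added.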