diff options
| author | Christian Brauner <brauner@kernel.org> | 2025-06-12 15:25:20 +0200 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2025-06-16 17:01:22 +0200 |
| commit | edfe3bdbbb52339cd8c2366402f2702c5ebc15c7 (patch) | |
| tree | 7685514eb02bb3693364fa138b540a903ad40860 | |
| parent | 0da3e3822cfabf062945e449f91ea3ca529eeaa4 (diff) | |
coredump: don't allow ".." in coredump socket path
There's no point in allowing to walk upwards for the coredump socket.
We already force userspace to give use a sane path, no symlinks, no
magiclinks, and also block "..". Use an absolute path without any
shenanigans.
Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-6-315c0c34ba94@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
| -rw-r--r-- | fs/coredump.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/coredump.c b/fs/coredump.c index a64b87878ab3..8437bdc26d08 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -1418,6 +1418,10 @@ static inline bool check_coredump_socket(void) if (strlen(p) >= UNIX_PATH_MAX) return false; + /* Must not contain ".." in the path. */ + if (name_contains_dotdot(core_pattern)) + return false; + return true; } |