v2.4.0.12 -> v2.4.1

- Al Viro: core file hardlink attack avoidance fix
author: Linus Torvalds <torvalds@athlon.transmeta.com> 2002-02-04 17:53:25 -0800
committer: Linus Torvalds <torvalds@athlon.transmeta.com> 2002-02-04 17:53:25 -0800
commit: 294b0fa792e0420b6d8bbbd27018fc764c1feb7d (patch)
tree: 8cb366cb55b25c0a2878b25ae58a4be1de233c51 /fs/exec.c
parent: c9b9226830bdc88e57166ec7355bccda28eb95f5 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 28cb7db4c06d..e618a3f18927 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -937,12 +937,14 @@ int do_coredump(long signr, struct pt_regs * regs)
 #else
 	corename[4] = '\0';
 #endif
-	file = filp_open(corename, O_CREAT | 2 | O_TRUNC | O_NOFOLLOW, 0600);
+	file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW, 0600);
 	if (IS_ERR(file))
 		goto fail;
 	inode = file->f_dentry->d_inode;
 	if (inode->i_nlink > 1)
 		goto close_fail;	/* multiple links - don't dump */
+	if (d_unhashed(file->f_dentry))
+		goto close_fail;
 
 	if (!S_ISREG(inode->i_mode))
 		goto close_fail;
@@ -950,6 +952,8 @@ int do_coredump(long signr, struct pt_regs * regs)
 		goto close_fail;
 	if (!file->f_op->write)
 		goto close_fail;
+	if (do_truncate(file->f_dentry, 0) != 0)
+		goto close_fail;
 	if (!binfmt->core_dump(signr, regs, file))
 		goto close_fail;
 	unlock_kernel();
author	Linus Torvalds <torvalds@athlon.transmeta.com>	2002-02-04 17:53:25 -0800
committer	Linus Torvalds <torvalds@athlon.transmeta.com>	2002-02-04 17:53:25 -0800
commit	294b0fa792e0420b6d8bbbd27018fc764c1feb7d (patch)
tree	8cb366cb55b25c0a2878b25ae58a4be1de233c51 /fs/exec.c
parent	c9b9226830bdc88e57166ec7355bccda28eb95f5 (diff)