coredump: validate socket name as it is written

In contrast to other parameters written into
/proc/sys/kernel/core_pattern that never fail we can validate enabling
the new AF_UNIX support. This is obviously racy as hell but it's always
been that way.

Link: https://lore.kernel.org/20250516-work-coredump-socket-v8-7-664f3caf2516@kernel.org
Acked-by: Luca Boccassi <luca.boccassi@gmail.com>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/coredump.c b/fs/coredump.c
index 84cddfe6e970e0e24e02dd2a71a8f335ad35a7c4..f217ebf2b3b68f4ae918090c777e0131132db349 100644 (file)
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1236,13 +1236,44 @@ void validate_coredump_safety(void)
        }
 }
 
+static inline bool check_coredump_socket(void)
+{
+       if (core_pattern[0] != '@')
+               return true;
+
+       /*
+        * Coredump socket must be located in the initial mount
+        * namespace. Don't give the impression that anything else is
+        * supported right now.
+        */
+       if (current->nsproxy->mnt_ns != init_task.nsproxy->mnt_ns)
+               return false;
+
+       /* Must be an absolute path. */
+       if (*(core_pattern + 1) != '/')
+               return false;
+
+       return true;
+}
+
 static int proc_dostring_coredump(const struct ctl_table *table, int write,
                  void *buffer, size_t *lenp, loff_t *ppos)
 {
-       int error = proc_dostring(table, write, buffer, lenp, ppos);
+       int error;
+       ssize_t retval;
+       char old_core_pattern[CORENAME_MAX_SIZE];
+
+       retval = strscpy(old_core_pattern, core_pattern, CORENAME_MAX_SIZE);
+
+       error = proc_dostring(table, write, buffer, lenp, ppos);
+       if (error)
+               return error;
+       if (!check_coredump_socket()) {
+               strscpy(core_pattern, old_core_pattern, retval + 1);
+               return -EINVAL;
+       }
 
-       if (!error)
-               validate_coredump_safety();
+       validate_coredump_safety();
        return error;
 }