coredump: don't allow ".." in coredump socket path

There's no point in allowing to walk upwards for the coredump socket.
We already force userspace to give use a sane path, no symlinks, no
magiclinks, and also block "..". Use an absolute path without any
shenanigans.

Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-6-315c0c34ba94@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/coredump.c b/fs/coredump.c
index a64b87878ab37e917132e536fddd1a608f51340f..8437bdc26d081777ebc642e0f7ee66573c560a43 100644 (file)
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1418,6 +1418,10 @@ static inline bool check_coredump_socket(void)
        if (strlen(p) >= UNIX_PATH_MAX)
                return false;
 
+       /* Must not contain ".." in the path. */
+       if (name_contains_dotdot(core_pattern))
+               return false;
+
        return true;
 }