Comment 7 for bug 1492570

halfdog (halfdog) wrote :

The first patch will solve the issue only when the new crashdump is not opened with e.g. O_CREAT|O_EXCL|O_NOFOLLOW, and then it would not be needed any more.

With the current patch, a hardlink to the crash dump would still allow DOS. If the crashdump open will a) fail when the dump file already exists (like above) or b) unlink it before recreating, then self-inclusion will not be possible for both sym- and hardlinks.

This would also make sense in another way: the os.walk below is in that combination far more dangerous than the plain open:

It has the same vulnerabilities as before, but as crashdump follows into subdirectories, O_NOFOLLOW is ineffective for TOCTOU kind of attacks, see [1].

Apart from that, the loop misses joining the root element into the path, so os.walk will essentially walk some objects, but the open calls afterwards will just open something completely different.

With correct crashdump opening, even the misbehaving os.walk would have no effect on DOS (except producing more sym/hardlink issues).

Still working on validating second patch.

[1] http://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks/
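The two points raised in the comment, exclusive creation of the dump file and joining `root` in the `os.walk` loop, as an added illustration that is not halfdog's code and not the patched project's code. It assumes nothing about the real crash handler: file names, the "victim" file and the directory layout are constructed in a temporary directory for the demonstration.

```python
import os
import shutil
import tempfile


def open_dump_exclusive(path):
    """Create a new crash dump file, refusing to reuse any existing path.

    O_CREAT|O_EXCL makes open() fail with EEXIST if anything already sits at
    `path`: a regular file, a pre-planted symlink (O_EXCL is checked on the
    link itself, not its target) or a hardlink to another file. O_NOFOLLOW is
    added where the platform has it; next to O_EXCL it is redundant but
    harmless.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "wb")


def list_dump_files(dumpdir):
    """Walk dumpdir and return paths that a later open() can actually use.

    os.walk yields bare names; they must be joined with `root`, otherwise
    open() resolves them against the current working directory instead.
    """
    paths = []
    for root, _dirs, files in os.walk(dumpdir):
        for name in files:
            paths.append(os.path.join(root, name))
    return paths


def list_dump_files_missing_join(dumpdir):
    """The defect described in the comment: bare names, root never joined."""
    return [name for _root, _dirs, files in os.walk(dumpdir) for name in files]


def run_demo():
    """Exercise both points in a throwaway directory and return observations."""
    workdir = tempfile.mkdtemp(prefix="dumpdemo-")
    results = {}
    try:
        # 1. A fresh path is created normally.
        fresh = os.path.join(workdir, "fresh.crash")
        with open_dump_exclusive(fresh) as f:
            f.write(b"constructed crash dump\n")
        results["fresh"] = "created"

        # Constructed "victim" file that a dump writer must never clobber
        # or pull into a dump through a planted link.
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"keep me\n")

        # 2. A pre-planted symlink at the dump path is refused, not followed.
        sym = os.path.join(workdir, "sym.crash")
        os.symlink(victim, sym)
        try:
            open_dump_exclusive(sym).close()
            results["symlink"] = "opened"
        except FileExistsError:
            results["symlink"] = "refused"

        # 3. A pre-planted hardlink is refused too: O_NOFOLLOW alone would
        #    not catch it (there is no link to follow), O_EXCL does.
        hard = os.path.join(workdir, "hard.crash")
        os.link(victim, hard)
        try:
            open_dump_exclusive(hard).close()
            results["hardlink"] = "opened"
        except FileExistsError:
            results["hardlink"] = "refused"

        with open(victim, "rb") as f:
            results["victim_intact"] = f.read() == b"keep me\n"

        # 4. Root joining: a dump in a subdirectory is only reachable when
        #    os.walk's root is joined onto the bare file name.
        sub = os.path.join(workdir, "sub")
        os.mkdir(sub)
        nested = os.path.join(sub, "nested.crash")
        with open_dump_exclusive(nested) as f:
            f.write(b"nested\n")
        joined = list_dump_files(workdir)
        bare = list_dump_files_missing_join(workdir)
        results["joined_all_exist"] = all(os.path.exists(p) for p in joined)
        results["joined_has_nested"] = nested in joined
        results["bare_has_nested_name"] = "nested.crash" in bare
        results["bare_has_nested_path"] = nested in bare
    finally:
        shutil.rmtree(workdir)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Option b) from the comment, unlinking before recreating, closes the same self-inclusion hole but leaves a window between the unlink and the create; the O_EXCL variant above has no such window, which is why it is the one shown here.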