@O_EXCL: Oh, my mistake. Of course it will work for hardlinks also.
@os.walk: To put it in /var/crash directly is OK (design decision). But if I'm not wrong, the current reading implementation will e.g. walk into
/var/crash/xxxx/012345678901
but then will try to open
/var/crash/012345678901/dmesg ...
which is a file not where os.walk has walked before. I'm not sure if this might not be used in some unwanted fashion.
Apart from that: going into a subdirectory will defeat the O_NOFOLLOW, as this is only applied to the last component (dmesg...) but not the "directory" the file is in. But also here: OS symlink protection will still work over that, and you need to make os.walk timerace (so you need an attacker-controlled unprivileged process while kernel_crashdump is running).
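
An added illustration of the O_NOFOLLOW point in the comment above (not part of the original comment and not apport's code): O_NOFOLLOW guards only the final path component, so a symlinked directory component is still followed, while opening each component relative to a directory fd rejects it. The directory names and the `open_beneath` helper are constructed for the example, and a temporary directory stands in for /var/crash.

```python
import os
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def open_last_component_only(path):
    """Plain open: O_NOFOLLOW is checked for the final component only."""
    return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)


def open_beneath(root, relpath):
    """Open relpath under root, refusing a symlink in every component."""
    parts = relpath.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("unsafe path: %r" % relpath)
    dir_fd = os.open(root, DIR_FLAGS)
    try:
        for part in parts[:-1]:
            # Each directory is opened relative to the fd of its parent,
            # so a symlink swapped in for it fails instead of being followed.
            next_fd = os.open(part, DIR_FLAGS, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        return os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)


def read_all(fd):
    with os.fdopen(fd, "r") as f:
        return f.read()


def demo():
    with tempfile.TemporaryDirectory() as base:
        crash = os.path.join(base, "crash")  # constructed stand-in for /var/crash
        other = os.path.join(base, "other")  # a directory outside the crash dir
        os.makedirs(os.path.join(crash, "good"))
        os.mkdir(other)
        with open(os.path.join(crash, "good", "dmesg"), "w") as f:
            f.write("inside")
        with open(os.path.join(other, "dmesg"), "w") as f:
            f.write("outside")
        os.symlink(other, os.path.join(crash, "linked"))  # symlinked subdirectory
        result = {
            "naive_linked": read_all(open_last_component_only(os.path.join(crash, "linked", "dmesg"))),
            "beneath_good": read_all(open_beneath(crash, "good/dmesg")),
        }
        try:
            os.close(open_beneath(crash, "linked/dmesg"))
            result["beneath_linked_blocked"] = False
        except OSError:
            result["beneath_linked_blocked"] = True
        return result
```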