Comment 9 for bug 1492570

halfdog (halfdog) wrote :

@O_EXCL: Oh, my mistake. Of course it will work for hardlinks also.

@os.walk: To put it in /var/crash directly is ok (design decision). But if I'm not wrong, current reading implementation will e.g. walk into

/var/crash/xxxx/012345678901

but then will try to open

/var/crash/012345678901/dmesg ...

which is a file not where os.walk has walked before. I'm not sure if this might not be used in some unwanted fashion.

Apart from that: going into a subdirectory will defeat the O_NOFOLLOW, as this is only applied to the last component (dmesg...) but not the "directory" the file is in. But also here: OS symlink protection will still work over that and you need to make os.walk time race (so you need an attacker-controlled unprivileged process while kernel_crashdump is running).
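
The O_NOFOLLOW point in the comment above, shown as an added example that is not part of the original comment or of apport's code: a plain open with O_NOFOLLOW still traverses a symlinked directory component, while opening each component relative to its parent's file descriptor rejects it. The names `open_beneath` and `demo`, and the temporary directory layout standing in for /var/crash, are constructed for illustration.

```python
import errno
import os
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
SYMLINK_ERRNOS = (errno.ELOOP, errno.ENOTDIR)  # errno depends on the flags used


def open_beneath(base_dir, relpath):
    """Open relpath read-only, refusing a symlink in ANY path component."""
    parts = [p for p in relpath.split("/") if p]
    if not parts or ".." in parts:
        raise ValueError("unsafe relative path: %r" % relpath)
    dir_fd = os.open(base_dir, DIR_FLAGS)
    try:
        # Walk one component at a time relative to the parent's fd, so a
        # symlinked directory fails (ELOOP/ENOTDIR) instead of being traversed.
        for name in parts[:-1]:
            next_fd = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        return os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)


def demo():
    """Compare both ways of opening on a constructed directory layout."""
    with tempfile.TemporaryDirectory() as tmp:
        crash = os.path.join(tmp, "crash")      # stands in for /var/crash
        outside = os.path.join(tmp, "outside")  # directory outside of it
        os.mkdir(crash)
        os.mkdir(outside)
        with open(os.path.join(outside, "dmesg"), "w") as f:
            f.write("outside data")
        # The directory component is a symlink; "dmesg" itself is a regular file.
        os.symlink(outside, os.path.join(crash, "012345678901"))
        # O_NOFOLLOW on the full path only checks the last component.
        fd = os.open(os.path.join(crash, "012345678901", "dmesg"),
                     os.O_RDONLY | os.O_NOFOLLOW)
        followed = os.read(fd, 64).decode()
        os.close(fd)

        try:
            os.close(open_beneath(crash, "012345678901/dmesg"))
            rejected = None
        except OSError as e:
            rejected = e.errno
        return followed, rejected
```

`demo()` returns the data read through the symlinked directory by the plain open, followed by the errno with which the per-component open refused the same path.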