Sophie

kernel-2.6.18-238.el5.src.rpm

From: Don Howard <dhoward@redhat.com>
Date: Fri, 7 Dec 2007 15:30:22 -0800
Subject: [fs] core dump file ownership
Message-id: Pine.LNX.4.64.0712071453070.6669@sugarmagnolia.remotee.org
O-Subject: [RHEL5 security patch] Core dump file ownership
Bugzilla: 397001

	In 2.6.x and 2.4.x kernels, if a core file owned by a non root
	user exists and root runs a process that drops core in the same
	location, the original core file owned by the non root user is
	replaced with root's core dump, except the original owner
	maintains ownership of the core.

Fixes bz397001/CVE-2007-6206
Tested on x86_64

Upstream here:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af

Acked-by: Eric Paris <eparis@redhat.com>

diff --git a/fs/exec.c b/fs/exec.c
index 53e057b..8ff68d0 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1522,6 +1522,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
 
 	if (!S_ISREG(inode->i_mode))
 		goto close_fail;
+	/*
+	 * Dont allow local users get cute and trick others to coredump
+	 * into their pre-created files:
+	 */
+	if (inode->i_uid != current->fsuid)
+		goto close_fail;
 	if (!file->f_op)
 		goto close_fail;
 	if (!file->f_op->write)
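
Review bot: The comment added above the `inode->i_uid != current->fsuid` test is informal and ungrammatical ("Dont allow local users get cute"), and it does not say what the check prevents. Suggested wording: "Refuse to dump into an existing file owned by a different user; the dump contents would otherwise land in a file that user still owns." The new branch also shares the silent `goto close_fail` path with the `S_ISREG` test, so a dump skipped for an ownership mismatch looks the same as any other failure; a rate-limited log line naming the mismatch would help an administrator who later wonders why no core was written. Because the test runs after the file is already open (it bails to `close_fail`), it is worth confirming that nothing earlier in `do_coredump` has already modified the pre-existing file by the time this check rejects it.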