exec.c: fix coredump to pipe problem and obscure "security hole"

 * name into corename, which must have space for at least

 * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator.

 */

static void format_corename(char *corename, const char *pattern, long signr)

static int format_corename(char *corename, const char *pattern, long signr)

{

	const char *pat_ptr = pattern;

	char *out_ptr = corename;

	char *const out_end = corename + CORENAME_MAX_SIZE;

	int rc;

	int pid_in_pattern = 0;

	int ispipe = 0;

	if (*pattern == '|')

		ispipe = 1;

	/* Repeat as long as we have more pattern to process and more output

	   space */

	 *

	 * If core_pattern does not include a %p (as is the default)

	 * and core_uses_pid is set, then .%pid will be appended to

	 * the filename */

	if (!pid_in_pattern

	 * the filename. Do not do this for piped commands. */

	if (!ispipe && !pid_in_pattern

            && (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)) {

		rc = snprintf(out_ptr, out_end - out_ptr,

			      ".%d", current->tgid);

	}

out:

	*out_ptr = 0;

	return ispipe;

}

static void zap_process(struct task_struct *start)

	 * uses lock_kernel()

	 */

 	lock_kernel();

	format_corename(corename, core_pattern, signr);

	ispipe = format_corename(corename, core_pattern, signr);

	unlock_kernel();

 	if (corename[0] == '|') {

 	if (ispipe) {

		/* SIGPIPE can happen, but it's just never processed */

 		if(call_usermodehelper_pipe(corename+1, NULL, NULL, &file)) {

 			printk(KERN_INFO "Core dump to %s pipe failed\n",

			       corename);

 			goto fail_unlock;

 		}

		ispipe = 1;

 	} else

 		file = filp_open(corename,

				 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,