Subject: coredump following symlinks: we need something !
To: None <tech-kern@netbsd.org>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-kern
Date: 08/29/1999 18:51:20
Hi,
I've run some tests on a few systems I have access to:
SunOS 4.1.4 allows core dumps to follow symlinks for non-root processes.
Solaris 2.7 doesn't allow it at all, as well as Linux 2.2.5, and OpenBSD for
more than a year.

As noted by Bill and Charles, testing the owner of a symlink before
creating the file is not easy, and requires large changes in the VFS system.
I don't want to go there myself.
I think just disallowing core-dumps to follow symlinks would be consistent
with what other systems do, and would be the safe way. If people really
want it I can find some time to add the 'core-dump file format' Bill talked
about, but later (I'll have a 6h train travel next week, and I'll have a
laptop with me :)
For now I'd like to close this problem ASAP. Charles fixed ftc.c to not
dump core anymore, but I'm sure other exploits with core-dump over
symlinks can be found; this needs to be disabled. So unless someone really
complains I'll commit the fix tomorrow.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
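
A userland illustration of the policy proposed in this message (refuse to write a dump through a symlink), added here as an example; it is not NetBSD kernel code and not the fix the message refers to. The names `open_dump_nofollow` and `demo`, the file names and the scenario are constructed for the example, and the regular-file and link-count checks go beyond what the message discusses.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` for a dump, refusing a symlink as the final path component.
 * Returns a file descriptor, or -1 if the name must not be written to. */
int open_dump_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail when the last component is a symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the opened object, not the name, so the check cannot be raced:
     * accept only a regular file with one link, and truncate only then. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: "prog.core" is a symlink planted at "victim".
 * Returns 0 when the symlink is refused, the victim is untouched, and a
 * plain file name is still accepted. */
int demo(void)
{
    char dir[] = "/tmp/coredemoXXXXXX", victim[64], lnk[64], plain[64];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/prog.core", dir);
    snprintf(plain, sizeof plain, "%s/other.core", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4 || symlink(victim, lnk) != 0)
        rc = -1;
    if (fd >= 0) close(fd);
    if (rc == 0 && open_dump_nofollow(lnk) != -1) rc = 1;  /* must refuse */
    if (rc == 0 && (stat(victim, &st) != 0 || st.st_size != 4)) rc = 2;
    if (rc == 0 && (fd = open_dump_nofollow(plain)) < 0) rc = 3;
    else if (rc == 0) close(fd);
    unlink(lnk); unlink(plain); unlink(victim); rmdir(dir);
    return rc;
}
int main(void) { return demo(); }
```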