Don't allow a malicious user to trick another user's rm process into
removing unintended files. In one scenario, if root is removing a
hierarchy that is writable by the malicious user, that user may trick
root into removing all of `/'. Reported by Wojciech Purczynski.
(remove_dir): After chdir `..', call lstat to get the
dev/inode of "." and fail if they aren't the same as the old numbers.
(remove_cwd_entries): New parameter, `cwd_dev_ino'.
(remove_dir): Likewise.
(rm): Likewise.
Adjust all callers.