Small PaX obscurity patch
This patch prevents information leaking through /proc/#/maps and /proc/#/stat as well as a little local console trick.
-- Julien TINNES, sat aug 30 23:24:05 CEST 2003pax+obs-linux-2.4.22-200308302223.tar.gz
PaX obscurity patch
This is a small patch to use with PaX enabled kernel.
Select "Prevent basic info leaking through procfs and others" in PaX Options
* If an attackers has a local account, ASLR can be made useless because you can easily get the randomized adresses through /proc/pid/maps and stack pointer / program counter value through /proc/pid/stat. (Try "cat /proc/self/maps" and "ps -eo pid,user,eip,esp,wchan").
* With a local console account, Alt-GR+SrollLock can be abused to get usefull register values.
Preventing information leaking is beyond the scope of PaX, that's why this patch exists.
If you use grsecurity, you're already safe, /proc information leaking is prevented since the begining and I reported Alt-GR+ScrollLock to spender who fixed it quickly.
Such information leaking though /proc could be prevented by an ACL system. If it is not (and if you don't use grsecurity), then this patch should be used.
It has been developed to be integrated into Adamantix.
-- Julien TINNES (julien () cr0 ! org)