We can drop it, I guess. The sole purpose was to make it harder to discover the symbol map of a kernel from unprivileged userspace. This seems kind of pointless when /proc/kallsyms is world-readable. As is /boot/System.map. Perhaps that wasn't always the case, but regardless, I think this can die.

diff --git a/fs/proc/array.c b/fs/proc/array.c index 7e4877d..0c368c1 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -424,8 +424,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, unlock_task_sighand(task, &flags); } - if (!whole || num_threads < 2) - wchan = get_wchan(task); + if (!whole || num_threads < 2) { + const struct cred *cred; + + wchan = 0; + cred = __task_cred(task); + if (current_uid() == cred->uid || current_euid() == cred->uid || + capable(CAP_SYS_NICE)) + wchan = get_wchan(task); + } + if (!whole) { min_flt = task->min_flt; maj_flt = task->maj_flt;
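Review bot: the `cred = __task_cred(task);` dereference in the new block has no `rcu_read_lock()` / `rcu_read_unlock()` pair visible around it, and `__task_cred()` requires the caller to hold the RCU read lock. Unless the lock is taken in context outside this hunk, wrap the credential lookup and the uid comparison in an RCU read-side section, and copy the uid out before unlocking. Two further points on the condition itself: both comparisons are against `cred->uid`, so a target whose `euid` differs from its `uid` is judged only by its real uid, and `CAP_SYS_NICE` is an unusual capability to gate an information-disclosure field on. A comment above the check stating why wchan is restricted and why that capability was chosen would help, as would a note in the changelog that other users now read 0 in this field.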