/proc/$PID/{sched,schedstat,etc} information leak. demo: http://openwall.com/lists/oss-security/2011/11/05/3 Solution: /proc/$pid/* vuln will be fixed in the following patch series by introducing a restricted procfs permission mode: [RFC v2 1/3] procfs: parse mount options https://lkml.org/lkml/2011/11/19/41 [RFC v2 2/3] procfs: add hidepid= and gid= mount options https://lkml.org/lkml/2011/11/19/42 [PATCH -next] proc: fix task_struct infoleak https://lkml.org/lkml/2011/12/11/62 (fix for previous patch) [RFC v2 3/3] procfs: add documentation for procfs mount options https://lkml.org/lkml/2011/11/19/43 Currently these series are in the -mm tree. Explanation: https://lkml.org/lkml/2011/11/19/42
These are in Linus' tree now: Patch 1 from above: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=97412950b10e64f347aec4a9b759395c2465adf6 Patches 2 and 3 were merged into one, with the additional fix that followed later: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=0499680a42141d86417a8fbaa8c8db806bea1201 And there was a follow on oops fix after that: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a2ef990ab5a6705a356d146dd773a3b359787497
Can this be closed? 3.1 is not available anymore in gentoo-sources. Nor in hardened-sources or vanilla-sources.
There are no longer any 2.x or <3.1 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.
