A multi-user system usually involves a large amount of information shared among its users. The security impli- cations of such information can never be underestimated. In this paper, we present a new attack that allows a ma- licious user to eavesdrop on other users’ keystrokes us- ing such information. Our attack takes advantage of the stack information of a process disclosed by its virtual file within procfs, the process file system supported by Linux. We show that on a multi-core system, the ESP of a process when it is making system calls can be ef- fectively sampled by a “shadow” program that continu- ously reads the public statistical information of the.