madaidan via Whonix Forum:
I don’t see why it should presuppose non-root access. What I meant above about shred was local access, not root. Shred would only really help if someone is doing forensics analysis on your hard drive.
A lot mixed in here to easily talk past each other.
system map access generally:
root compromise: If there is root access (root user compromise from
remote), why would anyone still care about system map?
non-root user compromise: I.e. a malware process is running under a
linux user account such as user apache2 or so. In that case, the malware
being unable to read system map, might help to prevent the attacker from
escalating to compromise.
If these assumptions are right, then setting access rights to system map
to root only would complicate non-root to root escalation for malware.
system map file recovery by malware:
File recovery tools can be run root or non-root users?
If only by root users: great.
If also by non-root users: bad, because then malware could use undelete
tools to re-creating system map file.
File recovery tools don’t necessarily require local (as in hands on) access.