>Heh, I was pondering this the other day after the realisation that
>ptrace() could prevent SIGKILL from killing a process.
>
>I've been thinking that a:
>
>options NOPTRACE
>
>... would be a useful option for hardening boxes...

hmm...since ptrace() is for "process tracing and debugging", there
can't be any legitimate uses for it on a...firewall machine, can
there?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."