Subject: Re: Fork bomb protection patch
To: Dave Sainty <dave@dtsp.co.nz>
From: Andrew Brown <atatat@atatdot.net>
List: tech-kern
Date: 12/06/2002 09:48:00
>Heh, I was pondering this the other day after the realisation that
>ptrace() could prevent SIGKILL from killing a process.
>
>I've been thinking that a:
>
>options NOPTRACE
>
>... would be a useful option for hardening boxes...
hmm...since ptrace() is for "process tracing and debugging", there
can't be any legitimate uses for it on a...firewall machine, can
there?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
werdna@squooshy.com * "information is power -- share the wealth."