>a per-process limit should be enforced as well, to prevent a more 
>limited-scope DoS.. and perhaps if we get fancy, reserve a slot in the 
>per-process quota for a process running as root to send to, to prevent 
>processes from rendering themselves more unkillable by keeping their own 
>signal queues full , thereby rejecting KILLs, XCPUs, STOPs, and the like? 

since SIGKILL and SIGSTOP are not blockable, i can't see how they'd
need any sort of queuing support (making queues "fillable"), which
implies to me that this "free slot for root" wouldn't be needed.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."