>>> options NOPTRACE
>> hmm...since ptrace() is for "process tracing and debugging", there
>> can't be any legitimate uses for it on a...firewall machine, can
>> there?
>
>You never have problems on your firewalls that call for debugging?

well...uh...sure.  mostly i just need tcpdump for that.

for something more exciting, i can always boot a kernel *with* ptrace
in it for that.  for every day operation, i shouldn't need it, right?
i mean...i'm not doing development work there...

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."