Subject: Re: debugging vs. options NOPTRACE
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/07/2002 15:44:10
[ On Friday, December 6, 2002 at 17:12:10 (-0500), Andrew Brown wrote: ]
> Subject: Re: Fork bomb protection patch
>
> >>> options NOPTRACE
> >> hmm...since ptrace() is for "process tracing and debugging", there
> >> can't be any legitimate uses for it on a...firewall machine, can
> >> there?
> >
> >You never have problems on your firewalls that call for debugging?
> 
> well...uh...sure.  mostly i just need tcpdump for that.

Huh?  What the heck does tcpdump have to do with processes that are
running on something like a highly secure firewall system???

> for something more exciting, i can always boot a kernel *with* ptrace
> in it for that.  for everyday operation, i shouldn't need it, right?
> i mean...i'm not doing development work there...

Well, I suppose it depends on the nature of the problem being debugged.
Sometimes it's very difficult, and perhaps even impossible, to guarantee
that the problem being debugged can be reproduced after rebooting.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>