Subject: Re: Fork bomb protection patch
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 12/07/2002 02:03:41

> Of course, to make this really robust against a 'smart' bomb that
> spots its mates getting SIGSTOPped and SIGCONTing them, if a process
> is SIGSTOPped by root, then only root should be able to continue it
> again.

What about a smartbomb that just SIGKILLs stopped peers, letting
someone re-fork a replacement?  Should a root-SIGSTOPped process be
unkillable at all by anyone but root?

I'm not really convinced it's worthwhile trying to use technical means
to render the OS immune to malicious (as opposed to accidental or idly
curious) forkbomb DoS attacks.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B