> > Of course, to make this really robust against a 'smart' bomb that
> > spots its mates getting SIGSTOPped and SIGCONTing them, if a process
> > is SIGSTOPped by root, then only root should be able to continue it
> > again.
> 
> What about a smartbomb that just SIGKILLs stopped peers, letting
> someone re-fork a replacement?  Should a root-SIGSTOPped process be
> unkillable at all by anyone but root?

Hmm, a smart bomb that cleans up after itself :-)  One less for root to 
remove once the system is finally under controll.

R.