Two address-space-isolation patches get closer

*All* ptrace access, or just PTRACE_PEEKDATA? If it's the latter then ptrace could still be used to access the "secret" memory by first injecting code into the process to copy the data elsewhere.

I can't say I'm all that comfortable with the idea of handing processes rootkit-like tools to hide the contents of their memory from the system administrator, though I suppose the enforcement aspects could be patched out of the kernel easily enough without affecting the userspace ABI. This seems like something that could benefit malware (including, but not limited to, DRM) at least as much as security software.