diff -burN linux-2.4.23-old/include/linux/sysctl.h linux-2.4.23/include/linux/sysctl.h
--- linux-2.4.23-old/include/linux/sysctl.h 2003-12-22 19:09:42.000000000 +0100
+++ linux-2.4.23/include/linux/sysctl.h 2003-12-29 02:50:55.000000000 +0100
@@ -128,6 +128,7 @@
 KERN_PPC_L3CR=57, /* l3cr register on PPC */
 KERN_EXCEPTION_TRACE=58, /* boolean: exception trace */
 KERN_CORE_SETUID=59, /* int: set to allow core dumps of setuid apps */
+ KERN_PTRACE_GID=60, /* int: the only gid allowed to ptrace_attach */
 };
diff -burN linux-2.4.23-old/kernel/ptrace.c linux-2.4.23/kernel/ptrace.c
--- linux-2.4.23-old/kernel/ptrace.c 2003-12-22 12:30:10.000000000 +0100
+++ linux-2.4.23/kernel/ptrace.c 2003-12-29 02:53:14.000000000 +0100
@@ -16,6 +16,8 @@
 #include
 #include
+int ptrace_gid = 0;
+
 /*
 * Check that we have indeed attached to the thing..
 */
@@ -62,5 +64,8 @@
 goto bad;
 if (!task->mm)
 goto bad;
+ if ((ptrace_gid < 0) || (ptrace_gid > 32767) ||
+ (current->gid != ptrace_gid))
+ goto bad;
 if(((current->uid != task->euid) ||
 (current->uid != task->suid) ||
diff -burN linux-2.4.23-old/kernel/sysctl.c linux-2.4.23/kernel/sysctl.c
--- linux-2.4.23-old/kernel/sysctl.c 2003-12-22 02:20:11.000000000 +0100
+++ linux-2.4.23/kernel/sysctl.c 2003-12-29 02:47:05.000000000 +0100
@@ -51,6 +51,7 @@
 extern int sysrq_enabled;
 extern int core_uses_pid;
 extern int core_setuid_ok;
+extern int ptrace_gid;
 extern char core_pattern[];
 extern int cad_pid;
 extern int laptop_mode;
@@ -182,6 +183,8 @@
 0644, NULL, &proc_dointvec},
 {KERN_CORE_SETUID, "core_setuid_ok", &core_setuid_ok, sizeof(int),
 0644, NULL, &proc_dointvec},
+ {KERN_PTRACE_GID, "ptrace_gid", &ptrace_gid, sizeof(int),
+ 0640, NULL, &proc_dointvec},
 {KERN_CORE_PATTERN, "core_pattern", core_pattern, 64,
 0644, NULL, &proc_dostring, &sysctl_string},
 {KERN_TAINTED, "tainted", &tainted, sizeof(int),
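Review bot: The comment on the new `KERN_PTRACE_GID=60` entry in include/linux/sysctl.h does not say what a value outside the valid gid range means, although the range test added in kernel/ptrace.c makes such a value deny every attach. I would extend it to `/* int: the only gid allowed to ptrace_attach; out-of-range denies all */`. Because binary sysctl numbers are ABI and this patch is applied out of tree, a later kernel release may assign 60 to a different entry, which is worth a one-line remark next to it.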
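Review bot: `int ptrace_gid = 0;` in kernel/ptrace.c is added without a comment, and its default is the security-relevant part. Together with the check this patch adds to ptrace_attach, a freshly booted kernel lets only callers whose gid is 0 attach, so debuggers run by ordinary users stop working until the sysctl is set. Proposed comment above the definition: `/* gid allowed to ptrace_attach (kernel.ptrace_gid); default 0; values outside 0..32767 deny every attach */`.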
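Review bot: The test added to ptrace_attach compares only `current->gid`, the caller's real primary gid, so membership in the chosen group through supplementary groups does not count and the effective gid is ignored. If the intent is "members of group N may attach", `!in_egroup_p(ptrace_gid)` in place of `current->gid != ptrace_gid` would express that; if primary-gid-only is deliberate, a comment should say so. The test also sits ahead of the uid/gid comparison that follows, so as far as this hunk shows it applies to every caller regardless of privilege, and it is worth confirming that it is meant to bind root as well. The bound `32767` is a magic number that excludes larger gids and would read better as a named constant with its reason stated. ptrace_attach starts and ends outside the hunk.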
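Review bot: The `ptrace_gid` table entry in kernel/sysctl.c uses `&proc_dointvec`, which stores any integer, so a mistyped negative or too-large value is accepted silently and then makes the check in ptrace_attach refuse every attach. Either document that out-of-range values are the intended deny-all setting, or reject them at write time with `&proc_dointvec_minmax` and min/max bounds in the entry's extra fields. Mode `0640` is stricter than the `0644` of the neighbouring entries; a short comment saying this is deliberate would keep it from being "corrected" later. The table initializer begins and ends outside the hunk.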