• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
How to safely kill all processes owned by a user on macOS
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to safely kill all processes owned by a user on macOS

  • Subject: How to safely kill all processes owned by a user on macOS
  • From: Daniel Peebles <email@hidden>
  • Date: Tue, 17 Oct 2017 21:24:47 -0400
Hi all,

I'm looking for less obvious ways to kill all processes running as a UID in
macOS, because the obvious ways are failing me right now.

The obvious thing we tried before was to launch a new process, set(e)uid to
the user in question, then kill(-1, SIGKILL). That will kill all running
processes under that user (including the killer!), but unfortunately in
High Sierra (and possibly earlier), it also crashes the entire system and
I'm unsure how long it'll be until it's fixed:
http://www.openwall.com/lists/oss-security/2017/10/12/1

To get better exit codes, we've also tried kill(-1, SIGKILL, 0); That's
right, the kill syscall in XNU actually takes a secret third argument (not
available via C API) that indicates whether you want POSIX behavior or not.
Non-POSIX behavior in this case just means not killing the caller process
but killing everyone else. This worked up until 10.13 but was also thwarted
by the bug I linked above.

So given that the obvious things don't work, what's a good approach here?
I'm operating under the assumption that processes can misbehave, so listing
processes and then killing them, being non-atomic, has issues: I can list
processes while a process is forking and miss stuff. I could run that in a
loop but there's no guarantee the loop will ever terminate (e.g., during
fork-bomb-like behavior or even more innocent stuff).


Does anyone have other ideas, possibly informed by obscure macOS internal
behavior, for how to effectively kill all processes owned by a user?

Thanks,
Dan

P.S: if this question looks familiar I also posted it to the newosxbook
forum, but I'm eager for as many ideas as possible so I thought I'd
cross-post it here.
P.P.S: if you're an Apple XNU dev and would like to fix 10.13's XNU to stop
crashing on kill(-1, SIGKILL), you'd make lots of us very happy :) :) :)

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: How to safely kill all processes owned by a user on macOS
      • From: Alastair Houghton <email@hidden>
  • Prev by Date: XNU/CoreStorage Question
  • Next by Date: Re: How to safely kill all processes owned by a user on macOS
  • Previous by thread: XNU/CoreStorage Question
  • Next by thread: Re: How to safely kill all processes owned by a user on macOS
  • Index(es):
    • Date
    • Thread