Hi all,

I'm looking for less obvious ways to kill all processes running as a UID in macOS, because the obvious ways are failing me right now.

The obvious thing we tried before was to launch a new process, set(e)uid to the user in question, then kill(-1, SIGKILL). That will kill all running processes under that user (including the killer!), but unfortunately in High Sierra (and possibly earlier), it also crashes the entire system and I'm unsure how long it'll be until it's fixed:

http://www.openwall.com/lists/oss-security/2017/10/12/1

To get better exit codes, we've also tried

    kill(-1, SIGKILL, 0);

That's right, the kill syscall in XNU actually takes a secret third argument (not available via C API) that indicates whether you want POSIX behavior or not. Non-POSIX behavior in this case just means not killing the caller process but killing everyone else. This worked up until 10.13 but was also thwarted by the bug I linked above.

So given that the obvious things don't work, what's a good approach here? I'm operating under the assumption that processes can misbehave, so listing processes and then killing them, being non-atomic, has issues: I can list processes while a process is forking and miss stuff. I could run that in a loop but there's no guarantee the loop will ever terminate (e.g., during fork-bomb-like behavior or even more innocent stuff).
Does anyone have other ideas, possibly informed by obscure macOS internal behavior, for how to effectively kill all processes owned by a user?

Thanks,
Dan

P.S: if this question looks familiar I also posted it to the newosxbook forum, but I'm eager for as many ideas as possible so I thought I'd cross-post it here.

P.P.S: if you're an Apple XNU dev and would like to fix 10.13's XNU to stop crashing on kill(-1, SIGKILL), you'd make lots of us very happy :) :) :)

_______________________________________________
Darwin-dev mailing list (Darwin-dev@lists.apple.com)