site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=b9d+OAjaUuRdEGzloJx5g2oAax2HIKHcFyhmH7WP71I=; b=OwZo2bKqGpCGF/SFZWOnONN46B7srndbHQzufyUH46oDOAxymZaXnEhJVyDCv+hrOa 89++7DnZMvJ1I6w2MLPdvI2n74dbcZZmoIBemnq4UJRiMpRB5uf7gQ9y7zy4I1ucumyI VDHfVfpfZFN57ch7we8yn7d0Z4tSeHXjyEd/5nq4aGy3wIXLrBajeYOVylEH8SASvWiI CBCzs3Nnqx00Edz7L4leqqppjPcRgVqLlMoEpSdAkLOnhA3HZVbHnv4qGzDIT+N2ezAk Ul5NsBH+3gjif0yfvZMQT64q9+NSdGvAA9CcheJuP/SAolfd0nfIzPzeCKavYj421Fcn hROQ== Sorry, I forgot to reply to the second half of your email! The process group thing indeed doesn’t seem to crash the machine but doesn’t quite fit our use case, unfortunately. Nix is a build too and/or package manager and it goes out of its way to isolate package builds, by using Apple’s sandbox (scheme style, since it’s not a GUI app and needs fine-grained control over the sandbox), user isolation, and whichever other mechanisms we have available to us. Imagine a CI system running semi-untrusted (misbehaving or possibly actively malicious) build processes, on macOS. We run each build as a dummy no-privilege user and when the build is done (or cancelled) we want to ensure that there are no processes left lying around on the host. The kill(-1, ...) approach has worked fine for us for this purpose in the past but just recently started crashing systems, so we’re looking into other possible approaches. Thanks, Dan On Wed, Oct 18, 2017 at 06:31 Alastair Houghton < alastair@alastairs-place.net> wrote:

...

On 18 Oct 2017, at 02:24, Daniel Peebles <pumpkingod@gmail.com> wrote:

The obvious thing we tried before was to launch a new process, set(e)uid to the user in question, then kill(-1, SIGKILL). That will kill all running processes under that user (including the killer!), but unfortunately in High Sierra (and possibly earlier), it also crashes the entire system and I'm unsure how long it'll be until it's fixed: http://www.openwall.com/lists/oss-security/2017/10/12/1

Has this been submitted to <product-security@apple.com>? The ability to take out the system is quite clearly a security issue; there are Macs installed with guest user access, for instance, where this would be troublesome.

...

Does anyone have other ideas, possibly informed by obscure macOS internal behavior, for how to effectively kill all processes owned by a user?

You could try killing just those processes in the same process group, if that’s sufficient for your purposes (i.e. kill(0, SIGKILL)). Of course, that may also trigger the bug, I don’t know.

Alternatively, perhaps you can explain what you’re trying to achieve by killing all the processes belonging to a particular user? Maybe there’s something else you could do instead?

Kind regards,

Alastair.

-- http://alastairs-place.net

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.app... This email sent to site_archiver@lists.apple.com