Monday, September 5, 2022

Using Environment Variables to Find Escaped Processes

Ben Martin:

Now what happens when the program crashes during a test? The developer is happy because they found a bug before submitting it. But the machine may not be. This type of crash will often leave behind child processes which will quickly gunk up the server, causing other tests to fail in unexpected ways. We need to find and terminate these stray processes or work will quickly grind to a halt.

[…]

Environment variables are one of the key ways that we can get information into a process when it launches.

[…]

When the process finishes, search for any processes by the current user that have the right environment variable/value combination

Kill all the escaped processes you found

However, as of macOS 11, System Integrity Protection prevents reading other processes’ environment variables—probably for the best.
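The tag, search and kill steps quoted above, as an added sketch that is not Ben Martin's code. It assumes Linux, where a same-user process can read `/proc/<pid>/environ`, and the variable name `TEST_RUN_ID` is hypothetical.

```python
import os, signal, subprocess, time, uuid

MARKER = "TEST_RUN_ID"  # hypothetical variable name, not from the article

def env_matches(raw, name, value):
    """True if a NUL-separated environ block holds exactly NAME=VALUE."""
    return f"{name}={value}".encode() in raw.split(b"\0")

def find_tagged(name, value):
    """PIDs owned by this user whose launch environment carries the tag."""
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit() or int(entry) == os.getpid():
            continue  # not a process directory, or ourselves
        try:
            if os.stat(f"/proc/{entry}").st_uid != os.getuid():
                continue
            with open(f"/proc/{entry}/environ", "rb") as f:
                raw = f.read()
        except OSError:  # process exited, or the kernel refused the read
            continue
        if env_matches(raw, name, value):
            hits.append(int(entry))
    return hits

def kill_tagged(name, value, grace=2.0):
    """SIGTERM every tagged process, then SIGKILL whatever outlives the grace period."""
    for sig in (signal.SIGTERM, signal.SIGKILL):
        for pid in find_tagged(name, value):
            try:
                os.kill(pid, sig)
            except ProcessLookupError:
                pass  # already gone
        deadline = time.monotonic() + grace
        while find_tagged(name, value) and time.monotonic() < deadline:
            time.sleep(0.05)

def demo():
    run_id = uuid.uuid4().hex  # unique per run so parallel runs don't collide
    env = dict(os.environ, **{MARKER: run_id})
    # Constructed "crashing test": leaves a background sleeper behind and exits 1.
    subprocess.run(["sh", "-c", "sleep 60 >/dev/null 2>&1 & exit 1"], env=env)
    found = []
    for _ in range(40):  # the orphan may still be mid-exec; retry briefly
        found = find_tagged(MARKER, run_id)
        if found:
            break
        time.sleep(0.05)
    kill_tagged(MARKER, run_id)
    return len(found), len(find_tagged(MARKER, run_id))

if __name__ == "__main__":
    print(demo())
```

The match is against the environment the process was launched with, so a child that starts its own children with a scrubbed environment will not be found this way.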

4 Comments

It does, indeed, make me sad. Per-user environment containment is perfectly OK—unless you really don't trust users. A good thing I run with SIP disabled.

@Sebby I don’t think it’s so much about trusting the user as trusting the apps the user has installed, which it’s difficult for the user to vet.

@Michael I don't disagree, but my problem is that it's part of a general trend to clip the user's wings rather than trying to identify and fix the actual weaknesses and deploy real countermeasures, whether on trust, process isolation, etc. This is a short-term fix with low impact, but in the long term we're heading for a highly restrictive environment with far less emancipatory and empowering opportunity to actually build and innovate. How long until the Mac needs its own "Developer Mode"?

@Sebby I think you’re right. To a certain extent, turning off SIP is already Developer Mode. But I don’t like it for development because it’s not a realistic testing environment. I think what Apple should do in cases like this is provide an entitlement or TCC setting so that apps that need these features can selectively declare that and opt back into them. Then the user can get the security benefit for the 99% of apps that don’t need the functionality while still being able to allow the remainder if they want.
