Mon Jan 23 09:59:22 EST 2006 rsc proc.c.orig:1474,1480 - /n/sources/patch/killbig-nits-2/proc.c:1474,1480 if(s != 0) l += s->top - s->base; } - if(l > max && strcmp(p->text, "kfs") != 0){ + if(l > max && (p->procmode&0222 && !strcmp(eve, p->user))) { kp = p; max = l; } Please don't use !strcmp(x,y) in Plan 9 code. It's difficult to read and easy to get wrong, which I think you did. What you mean is if(l>max && ((p->procmode&0222) || strcmp(eve, p->user)!=0) which gets the procs that have writable ctls or are not owned by eve. You were killing only the procs that have writable ctls AND ARE owned by eve, making it even easier for your supposed malicious users to wreak havoc. proc.c.orig:1487,1493 - /n/sources/patch/killbig-nits-2/proc.c:1487,1493 qunlock(&s->lk); } } - print("%lud: %s killed because no swap configured\n", kp->pid, kp->text); + print("%lud: %s killed by killbig()\n", kp->pid, kp->text); } Killbig is the only function that prints '%lud: %s killed' so printing 'by killbig()' is useless. I applied these changes, with the fixes. I also made killbig kill all the processes sharing the same bss as the guy who got killed, so that if there's a big threaded program, killbig will get all the procs. Russ