One follow-up for the discussion on if this is a DoS or privilege escalation, in the logs we saw:

    Service exited due to signal: Killed: 9 sent by nix-daemon[54108]

and were able to (inconsistently) reproduce this with other unprivileged users.

This indicated to us that we hadn’t tripped just a crashing bug, but actually escalated beyond the normal access control protections of kill.

This breaks the Nix package manager. And we have no other way to reliable kill processes on macOS unlike Linux, where we can use cgroups.