Here's a quick question on task_for_pid() (it seems to be at the heart of this): What is the security hole that this system setup is trying to fix? Apparently, it used to be that if you were the same ID, you could find the Mach task for a process; now it's highly restricted. Why? I can't find that documented at all.