Fantastic news, thanks for sharing. I stopped looking into it after some spectacularly bad hard lockups, some in prod…

Considering you need to turn off SIP to use it, I would not recommend using DTrace in prod…

You need to escalate to root to run it anyway. If anyone can get root on my laptop, there's nothing that SIP can realistically protect me from. Actually, if anyone can get access to my user outside of sandbox, everything I care about is already exposed.

(Also, you can disable it only for dtrace if you want)

Turning off SIP allows for trivial escalation to root usually

That's quite vague. Got any links with the details?

Here's an example: https://gist.github.com/ChiChou/e3a50f00853b2fbfb1debad46e50...