Accessing or modifying shared objects in signal handlers can result in race conditions that can leave data in an inconsistent state, opening up security holes. The exception to this rule is the ability to read and write to variables of type volatile sig_atomic_t. The type sig_atomic_t is implementation-defined, although there are bounding constraints. To be fully portable, only integer values from 0 through 127 can be assigned to a variable of type sig_atomic_t. The need for the volatile keyword is described in DCL34-C. Use volatile for data that cannot be cached.
...
In this non-compliant code example, err_msg is updated to indicate that the SIGINT signal was delivered. Undefined behavior occurs if a SIGINT is generated before the allocation completes.
...
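For contrast, the following added example (not code from the original page) keeps the handler inside the volatile sig_atomic_t exception: the handler only sets a flag, and err_msg is updated in normal context after the allocation has completed. The names on_sigint, sigint_seen, handle_with_flag and MAX_MSG_SIZE, the message strings, and the use of raise() to stand in for signal delivery are assumptions made for the illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_MSG_SIZE = 24 };          /* assumed size, not from the page */

/* The only object the handler touches; it only ever holds 0 or 1,
 * which is inside the portable 0..127 range. */
static volatile sig_atomic_t sigint_seen = 0;

static void on_sigint(int signum) {
    (void)signum;
    sigint_seen = 1;                 /* no heap access, no string copy here */
}

/* Returns the final message in a static buffer. If deliver is nonzero,
 * SIGINT is raised synchronously to stand in for a real delivery. */
const char *handle_with_flag(int deliver) {
    static char result[MAX_MSG_SIZE];
    char *err_msg;

    result[0] = '\0';
    sigint_seen = 0;
    if (signal(SIGINT, on_sigint) == SIG_ERR)
        return result;

    err_msg = malloc(MAX_MSG_SIZE);
    if (err_msg != NULL) {
        snprintf(err_msg, MAX_MSG_SIZE, "No errors yet.");
        if (deliver)
            raise(SIGINT);
        /* err_msg is updated in normal context, after the handler ran. */
        if (sigint_seen)
            snprintf(err_msg, MAX_MSG_SIZE, "SIGINT received.");
        snprintf(result, sizeof result, "%s", err_msg);
        free(err_msg);
    }
    signal(SIGINT, SIG_DFL);         /* restore the default disposition */
    return result;
}

int main(void) {
    puts(handle_with_flag(0));
    puts(handle_with_flag(1));
    return 0;
}
```

Because the handler never dereferences err_msg, a SIGINT that arrives before or during the allocation only changes the flag, and the message is written once the buffer is known to be valid.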
Risk Assessment
Accessing or modifying shared objects in signal handlers can result in accessing data in an inconsistent state. Depending on the code, this could lead to any number of attacks, many of which could give root access. Zalewski's paper on Delivering Signals for Fun and Profit provides some examples of vulnerabilities that can result from violating this and other signal handling rules [Zalewski 01].
...