 
                            ...
Asynchronous signals may originate from malicious actors external to the process. Consequently, vulnerabilities may exist if the signal-handler-persistence behavior is inconsistent with the developer's expectations, such as when the developer expects the signal handler to persist but it does not.
...
Failure to understand implementation-specific details regarding signal-handler persistence can lead to unexpected behavior.
| Recommendation | Severity | Likelihood | 
|---|
| Detectable | Repairable | Priority | Level | 
|---|---|---|---|
| SIG01-C | Low | Unlikely | No | 
| No | 
| P1 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar | 
 | BADFUNC.SIGNAL | Use of signal | ||||||
| Compass/ROSE | 
| Could detect possible violations by flagging any signal handler that calls  | 
| Helix QAC | 
 | C5020 | |||||||
| LDRA tool suite | 
 | 97 D | Partially implemented | ||||||
| Parasoft C/C++test | 
 | 
| 
 | 
| 
 | 
| CERT_C-SIG01-a | The signal handling facilities of <signal.h> shall not be used | ||||||||
| PC-lint Plus | 
 | 586 | Assistance provided: reports use of the signal function | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ | 
| Coding Standard | VOID SIG01-CPP. Understand implementation-specific details regarding signal handler persistence | 
...
...