Page History

...

POSIX recommends sigaction() and deprecates the use of signal() to register signal handlers. Unfortunately, sigaction() is not defined in the C Standard and is consequently not as portable a solution.

...

Interrupting a noninterruptible signal handler can result in a variety of vulnerabilities [Zalewski 2001].

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
SIG00-C	High	Likely

High

No

P9

L2

Automated Detection

Tool	Version	Checker	Description

PRQA QA-C Include PagePRQA_VPRQA_Vwarncall for signalPartially implemented

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

BADFUNC.SIGNAL

Use of signal

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C5019

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

44 S

Enhanced enforcement

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-SIG00-a

The signal handling facilities of <signal.h> shall not be used

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

586

Assistance provided: reports use of the signal function

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

Secure

Coding Standard	VOID SIG00-CPP. Mask signals handled by noninterruptible signal handlers
MITRE CWE	CWE-662, Insufficient synchronization

Bibliography

[C99 Rationale 2003]	Subclause 5.2.3, "Signals and Interrupts"
[Dowd 2006]	Chapter 13, "Synchronization and State" ("Signal Interruption and Repetition")
[IEEE Std 1003.1:2013]	XSH, System Interface, `longjmp`
[OpenBSD]	`signal()` Man Page
[Zalewski 2001]	"Delivering Signals for Fun and Profit"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 78

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography