You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 58 Next »

A signal is a mechanism for transferring control, that is typically used to notify a process that an event has occurred. That process can then respond to that event accordingly. C99 provides functions for sending and handling signals within a C program.

Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:

void (*signal(int sig, void (*func)(int)))(int);

This is conceptually equivalent to

typedef void (*SighandlerType)(int signum);
extern SighandlerType signal(int signum, SighandlerType handler);

Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are meant to eliminate common errors associated with signal handling.

Recommendations

SIG00-A. Mask signals handled by non-interruptible signal handlers

SIG01-A. Understand implementation-specific details regarding signal handler persistence

SIG02-A. Avoid using signals to implement normal functionality

Rules

SIG30-C. Call only asynchronous-safe functions within signal handlers

SIG31-C. Do not access or modify shared objects in signal handlers

SIG32-C. Do not call longjmp() from inside a signal handler

SIG33-C. Do not recursively invoke the raise() function

SIG34-C. Do not call signal() from within interruptible signal handlers

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-A

3 (high)

3 (likely)

1 (high)

P9

L2

SIG01-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SIG30-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG31-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG32-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG33-C

1 (low)

1 (unlikely)

2 (medium)

P2

L3

SIG34-C

1 (low)

1 (unlikely)

3 (low)

P3

L3


ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()      11. Environment (ENV)      

  • No labels