A signal is a mechanism for transferring control, that is typically used to notify a process that an event has occurred. That process can then respond to that event accordingly. C99 provides functions for sending and handling signals within a C program.

Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:

void (*signal(int sig, void (*func)(int)))(int);

There are two ways to send a signal: synchronous (as initiated by a call to raise() or abort()) and asynchronous (initiated from outside the current process). Most of the rules and recommendations in this section do not apply to signals that are invoked synchronously, as there is no significant difference between signal handlers that are invoked by a call to a library function and signal handlers that are invoked by a call to the handler itself. However, there is no way to prevent external processes from sending asynchronous signals to a program that handles synchronous signals. Consequently, any program that handles signals must be prepared to handle asynchronous signals from potentially hostile sources.

Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are meant to eliminate common errors associated with signal handling.

Recommendations

SIG00-A. Mask signals handled by non-interruptible signal handlers

SIG01-A. Understand implementation-specific details regarding signal handler persistence

Rules

SIG30-C. Call only asynchronous-safe functions within signal handlers

SIG31-C. Do not access or modify shared objects in signal handlers

SIG32-C. Do not call longjmp() from inside a signal handler

SIG33-C. Do not recursively invoke the raise() function

SIG34-C. A signal handler should not re-assert itself

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-A

3 (high)

3 (likely)

1 (high)

P9

L2

SIG01-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SIG30-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG31-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG32-C

3 (high)

3 (likely)

1 (high)

P9

L2

SIG33-C

1 (low)

1 (unlikely)

2 (medium)

P2

L3

SIG34-C

1 (low)

1 (unlikely)

3 (low)

P3

L3


ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()      11. Environment (ENV)