A signal is a mechanism for transferring control that is typically used to notify a process that an event has occurred, so that the process can respond to the event accordingly. C99 provides functions for sending (raise()) and handling (signal()) signals within a C program.
Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:

```c
void (*signal(int sig, void (*func)(int)))(int);
```

This is conceptually equivalent to

```c
typedef void (*SighandlerType)(int signum);
extern SighandlerType signal(int signum, SighandlerType handler);
```
Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are meant to eliminate common errors associated with signal handling.
Recommendations
SIG00-A. Mask signals handled by non-interruptible signal handlers
SIG01-A. Understand implementation-specific details regarding signal handler persistence
SIG02-A. Avoid using signals to implement normal functionality
Rules
SIG30-C. Call only asynchronous-safe functions within signal handlers
SIG31-C. Do not access or modify shared objects in signal handlers
SIG32-C. Do not call longjmp() from inside a signal handler
SIG33-C. Do not recursively invoke the raise() function
SIG34-C. Do not call signal() from within interruptible signal handlers
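The following added example is not code from the CERT page; it shows the pattern the rules above converge on. The handler registered with signal() does nothing except write a volatile sig_atomic_t flag (the only shared object SIG31-C permits), and all real work (freeing memory, logging, exiting) happens in the main loop that polls the flag, so no non-async-safe function is called from signal context (SIG30-C) and no longjmp() or signal() call is needed inside the handler (SIG32-C, SIG34-C). The function names and the raise_at parameter are assumptions of this example: raise_at is a constructed stand-in for an external SIGINT arriving during that iteration, delivered synchronously with raise().

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The only object shared between the handler and the rest of the
 * program. SIG31-C allows a handler to write a volatile sig_atomic_t;
 * everything else is off limits from signal context. */
static volatile sig_atomic_t interrupted = 0;

/* Heap state owned by the main program. The handler never touches it,
 * so there is no race and no free() from signal context (SIG30-C). */
static char *work_buffer = NULL;

/* Compliant handler: record the event and return. No printf(), no
 * free(), no longjmp(), no re-registration with signal(). */
static void handle_sigint(int signum)
{
    (void)signum;
    interrupted = 1;
}

/* Register the handler with the C99 signal() function. On
 * implementations with System V semantics the disposition is reset to
 * SIG_DFL once the signal is delivered (SIG01-A), so callers must not
 * assume the handler survives a delivery. Returns 0 on success. */
static int install_sigint_handler(void)
{
    return signal(SIGINT, handle_sigint) == SIG_ERR ? -1 : 0;
}

/* Simulated work loop (example-only helper). raise_at is a constructed
 * stand-in for an external SIGINT arriving during iteration raise_at;
 * raise() delivers the signal synchronously, so the handler has already
 * run when raise() returns. Returns the number of iterations completed
 * before the flag was observed, or -1 on error. Cleanup happens here,
 * in normal context, never in the handler. */
static int run_until_interrupted(int max_iterations, int raise_at)
{
    int i;

    work_buffer = malloc(64);
    if (work_buffer == NULL) {
        return -1;
    }
    strcpy(work_buffer, "work in progress");
    interrupted = 0;

    for (i = 0; i < max_iterations; i++) {
        if (i == raise_at) {
            if (install_sigint_handler() != 0 || raise(SIGINT) != 0) {
                free(work_buffer);
                work_buffer = NULL;
                return -1;
            }
        }
        /* Poll the flag once per unit of work; the real response
         * (logging, freeing, exiting) is done outside the handler. */
        if (interrupted) {
            break;
        }
    }

    free(work_buffer);
    work_buffer = NULL;
    return i;
}

int main(void)
{
    int done = run_until_interrupted(100, 7);

    printf("stopped after %d iterations, flag=%d\n", done, (int)interrupted);
    return done < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Because raise() does not return until the handler has finished, the loop observes the flag in the same iteration in which the signal was delivered; with a genuinely asynchronous signal the flag is simply seen on the next poll. Re-registering before each raise() is what keeps the example portable to implementations that reset the disposition after delivery.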
Risk Assessment Summary
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| SIG00-A | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 | 
| SIG01-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 | 
| SIG02-A | 3 (high) | 2 (probable) | 2 (medium) | P12 | L1 | 

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| SIG30-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 | 
| SIG31-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 | 
| SIG32-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 | 
| SIG33-C | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 | 
| SIG34-C | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 | 
Related Rules and Recommendations