Page History

...

Vulnerabilities can arise if a non-asynchronous-safe signal handler is interrupted with any unmasked signal, including its own.

...

Noncompliant Code Example

This non-compliant noncompliant code example registers a single signal handler to process both SIGUSR1 and SIGUSR2. The variable sig2 should be set to one if one or more SIGUSR1 signals are followed by SIGUSR2, essentially implementing a finite state machine within the signal handler.

...

Unfortunately, there is a race condition in the implementation of handler(). If handler() is called to handle SIGUSR1 and is interrupted to handle SIGUSR2, it is possible that sig2 will not be set.

Compliant Solution (POSIX)

The POSIX sigaction() function assigns handlers to signals in a similar manner to the C99 signal() function, but it also allows signal masks to be set explicitly. Consequently, sigaction() can be used to prevent a signal handler from interrupting itself.

...

POSIX recommends sigaction() and deprecates signal(). Unfortunately, sigaction() is not defined in C99 and is consequently not as portable a solution.

Risk Assessment

Interrupting a non-interruptible signal handler can result in a variety of vulnerabilities \[[Zalewski 01|AA. C References#Zalewski 01]\].

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Dowd 06 | AA. C References#Dowd 06]\] Chapter 13, "Synchronization and State" (Signal Interruption and Repetition)
\[[ISO/IEC 03|AA. C References#ISO/IEC 03]\] Section 5.2.3, "Signals and interrupts"
\[[Open Group 04|AA. C References#Open Group 04]\] [longjmp|http://www.opengroup.org/onlinepubs/000095399/functions/longjmp.html]
\[[OpenBSD|AA. C References#OpenBSD]\] [{{signal()}} Man Page|http://www.openbsd.org/cgi-bin/man.cgi?query=signal]
\[[Zalewski 01|AA. C References#Zalewski 01]\]

...

11. Signals (SIG)      11. Signals (SIG)       SIG01-A. Understand implementation-specific details regarding signal handler persistence Image Added