No direct issues come from this, but you need to be careful that something doesn't generate two similar signals that call the same handler, and your code to deal with it get executed twice.
Non-Compliant Coding Example
#include <signal.h>
char *global_ptr;
void handler() {
free(global_ptr);
_exit(0);
}
int main() {
global_ptr = malloc(16);
signal(SIGINT, handler);
signal(SIGTERM, handler);
/* program code */
return 0;
}
Compliant Solution
Risk Assessment
Depending on the code, this could lead to any number of attacks, many of which could give root access. For an overview of some software vulnerabilities, see Zalewski's signal article.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSCxx-C |
3 (high) |
3 (likely) |
1 (high) |
P9 |
L2 |
References
[[ISO/IEC 03]] "Signals and Interrupts"
[[Open Group 04]] longjmp
[OpenBSD] signal() Man Page
[Zalewski] http://lcamtuf.coredump.cx/signals.txt