Signal Handler Function Associated with Multiple Signals

ID: 831
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base





Description

The software defines a function that is used as a handler for more than one signal.

Extended Description

While sometimes intentional and safe, when the same function is used to handle multiple signals, a race condition could occur if the function uses any state outside of its local declaration, such as global variables or non-reentrant functions, or has any side effects.

An attacker could send one signal that invokes the handler function; in many OSes, this will typically prevent the same signal from invoking the handler again, at least until the handler function has completed execution. However, the attacker could then send a different signal that is associated with the same handler function. This could interrupt the original handler function while it is still executing. If there is shared state, then the state could be corrupted. This can lead to a variety of potential consequences depending on context, including denial of service and code execution.

Another rarely-explored possibility arises when the signal handler is only designed to be executed once (if at all). By sending multiple signals, an attacker could invoke the function more than once. This may generate extra, unintended side effects. A race condition might not even be necessary; the attacker could send one signal, wait until it is handled, then send the other signal.

Applicable Platforms
None

Common Consequences

Scope: Availability, Integrity, Confidentiality, Access_Control, Other

Technical Impact: DoS: crash / exit / restart; Execute unauthorized code or commands; Read application data; Gain privileges / assume identity; Bypass protection mechanism; Varies by context

Notes: The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure.

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE: CWE-831 ChildOf CWE-364
Type: Weakness
View: CWE-1000, CWE-699
Chain: None

Demonstrative Examples

  1. This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits. (Demonstrative Example Id DX-26)
  2. This code registers the same signal handler function with two different signals.
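
The pattern these examples describe, as an added sketch (not the CWE entry's own demonstrative code): one handler is registered for two signals, and a self-test measures whether the second signal can re-enter the handler while the first invocation is still running. The signal pair SIGUSR1/SIGUSR2 and the names `shared_handler`, `probe_nesting` and `handler_calls` are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

/* State shared by every signal routed to the one handler. */
static volatile sig_atomic_t depth, max_depth, calls, peer_sig;

/* One handler for two signals. raise() is async-signal-safe and serves only
 * as a probe: can the second signal interrupt the handler while it runs? */
static void shared_handler(int sig)
{
    (void)sig;
    calls++;
    if (++depth > max_depth)
        max_depth = depth;
    if (peer_sig) {
        int s = peer_sig;
        peer_sig = 0;
        raise(s);   /* delivered here, nested, unless s is blocked */
    }
    depth--;
}

/* Register shared_handler for SIGUSR1 and SIGUSR2 (assumed pair), trigger it,
 * and return the deepest nesting seen: 2 = re-entered, 1 = serialized. */
int probe_nesting(int block_peers)
{
    const int sigs[] = { SIGUSR1, SIGUSR2 };
    struct sigaction sa = { .sa_flags = 0 };
    sa.sa_handler = shared_handler;
    sigemptyset(&sa.sa_mask);
    for (int i = 0; block_peers && i < 2; i++)
        sigaddset(&sa.sa_mask, sigs[i]);   /* block every signal sharing the handler */
    for (int i = 0; i < 2; i++)
        if (sigaction(sigs[i], &sa, NULL) != 0)
            return -1;
    depth = max_depth = calls = 0;
    peer_sig = SIGUSR2;
    raise(SIGUSR1);
    return max_depth;
}

int handler_calls(void) { return calls; }   /* total handler invocations */

int main(void)
{
    printf("empty sa_mask:    depth %d\n", probe_nesting(0));
    printf("peers in sa_mask: depth %d\n", probe_nesting(1));
    return 0;
}
```

With the peers listed in `sa_mask` the second signal is held pending and delivered only after the first invocation returns, so the handler still runs twice; a handler meant to run once needs its own guard in addition to the mask.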

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings
None

References:

  1. Michal Zalewski. Delivering Signals for Fun and Profit.
  2. Race Condition: Signal Handling.

© 2013 SecPod Technologies