logo

Dangerous Signal Handler not Disabled During Sensitive Operations

Draft Base
Structure: Simple
Description

This vulnerability occurs when a program's signal handler, which shares resources like global variables with other handlers, can be interrupted and re-entered before it finishes its work. The program fails to block other signals during this sensitive operation, leaving shared state vulnerable to corruption.

Extended Description

Signal handlers in a program often run with elevated privileges and manage critical data. If a handler is written to share state—like global variables or file descriptors—with other handlers, and the program doesn't temporarily disable (or 'mask') incoming signals, a major risk emerges. An attacker can exploit this by sending a second signal while the first handler is still executing, triggering a different handler that modifies the same shared resources. This uncontrolled interruption corrupts the program's internal state because the first handler's assumptions about that state become invalid. The result is often a crash, data loss, or undefined behavior that an attacker can potentially leverage to gain control of the application or cause a denial of service. To prevent this, developers must design signal handlers to either be re-entrant (stateless) or ensure all related signals are masked for the handler's entire duration.
Common Consequences 1
Scope: Integrity

Impact: Modify Application Data
Potential Mitigations 1
Phase: Implementation
Turn off dangerous handlers when performing sensitive operations.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Signal Handler Race Condition (CWE-364)
Taxonomy Mapping
  • CERT C Secure Coding
  • PLOVER