linux,faqs,howtos,man,forum,squid,mount,ntfs,bandwidth,gnu,opensource,directory
  
Home | Forum | MAN Pages | Tutorials | Directory | HOWTOs | About Me | Contact
You are Browsing Linux HOWTOS
 
FAQS
- Advanced Routing & Traffic Control
- General FAQ
- Squid Proxy Server
- Sendmail
- Fetchmail
- Postfix
- Connecting Mobile Phone
- Paging from Linux
- Standard Commands
- Some common terms
Linux HOWTOs
- Single List of HOWTOs
- 4mb-Laptops
- Caudium-HOWTO
- Commercial-Port-Advocacy
- DVD Playback HOWTO
- IPMasquerading+Napster
- Finnish HOWTO
- - IPX-HOWTO
- Linux-Crash-HOWTO
- Mail2News
- Mozilla-Optimization
- NLM-HOWTO
- Polish-HOWTO
- Secure-Programs-HOWTO
- SLIP-PPP-Emulator
- TclTk-HOWTO
- Ultra-DMA
- Virtual-Services-HOWTO
- Wearable-HOWTO
- Xterm-Title

- ADSL Bandwidth Management
- Compile Apache
- Make a Bootdisk
- Linux-Windows9x-Grub
- Linux-Windows
- Linux Crash Recovery
- Optimise Squid
- Block websites in Squid
- Broadcast webcam in linux
- Compile RedHat Linux kernel
- Implement Firewall Security
- Increase Harddrive Performance
- Mount NTFS filesystem
- Patch / rebuild SRPM
- Secure Linux
- Set up a DHCP Server
- Set up an FTP server
- Set up Linux as a Router
- Use Cron
- Samba
Miscellaneous
- All Ports
- Spammers fetch email addresses
- Mounting NTFS in linux
- Linux Gazette
- Linux Directory
- Linux Man

linux,man,pages,linux man pages,squid,ntfs,mount
  
Secure Programming for Linux and Unix HOWTO
PrevChapter 3. Summary of Linux and Unix Security FeaturesNext

3.5. Signals

Signals are a simple form of ``interruption'' in the Unix-like OS world, and are an ancient part of Unix. A process can set a ``signal'' on another process (say using kill(1) or kill(2)), and that other process would receive and handle the signal asynchronously. For a process to have permission to send an arbitrary signal to some other process, the sending process must either have root privileges, or the real or effective user ID of the sending process must equal the real or saved set-user-ID of the receiving process. However, some signals can be sent in other ways. In particular, SIGURG can be delivered over a network through the TCP/IP out-of-band (OOB) message.

Although signals are an ancient part of Unix, they've had different semantics in different implementations. Basically, they involve questions such as ``what happens when a signal occurs while handling another signal''? The older Linux libc 5 used a different set of semantics for some signal operations than the newer GNU libc libraries. Calling C library functions is often unsafe within a signal handler, and even some system calls aren't safe; you need to examine the documentation for each call you make to see if it promises to be safe to call inside a signal. For more information, see the glibc FAQ (on some systems a local copy is available at /usr/doc/glibc-*/FAQ).

For new programs, just use the POSIX signal system (which in turn was based on BSD work); this set is widely supported and doesn't have some of the problems that some of the older signal systems did. The POSIX signal system is based on using the sigset_t datatype, which can be manipulated through a set of operations: sigemptyset(), sigfillset(), sigaddset(), sigdelset(), and sigismember(). You can read about these in sigsetops(3). Then use sigaction(2), sigprocmask(2), sigpending(2), and sigsuspend(2) to set up an manipulate signal handling (see their man pages for more information).

In general, make any signal handlers very short and simple, and look carefully for race conditions. Signals, since they are by nature asynchronous, can easily cause race conditions.

A common convention exists for servers: if you receive SIGHUP, you should close any log files, reopen and reread configuration files, and then re-open the log files. This supports reconfiguration without halting the server and log rotation without data loss. If you are writing a server where this convention makes sense, please support it.

Michal Zalewski [2001] has written an excellent tutorial on how signal handlers are exploited, and has recommendations for how to eliminate signal race problems. I encourage looking at his summary for more information; here are my recommendations, which are similar to Michal's work:

  • Where possible, have your signal handlers unconditionally set a specific flag and do nothing else.

  • If you must have more complex signal handlers, use only calls specifically designated as being safe for use in signal handlers. In particular, don't use malloc() or free() in C (which on most systems aren't protected against signals), nor the many functions that depend on them (such as the printf() family and syslog()). You could try to ``wrap'' calls to insecure library calls with a check to a global flag (to avoid re-entry), but I wouldn't recommend it.

  • Block signal delivery during all non-atomic operations in the program, and block signal delivery inside signal handlers.

PrevHomeNext
Sockets and Network ConnectionsUpQuotas and Limits
  
Random Linux Commands
XFree86
This is the main open source X-Windows server for Linux, needed to be able to run a GUI in Linux such as KDE or Gnome. There are other X-Windows servers, but this is the one that ships with most Linux distributions.

Common Linux terms
Linux-FAQs Search
linux,faqs,howto,howtos,man,manpages,directory,forum


Linux-FAQs Forum Categories
- About Forum
- Hardware Troubleshooting in Linux
- Linux Entertainment
- Resources
- Software toubleshooting and configuration
Linux-FAQs Man Pages
- About Forum
- Hardware Troubleshooting in Linux
- Linux Entertainment
- Resources
- Software toubleshooting and configuration
All Linux-FAQs Forums
- Crash Recovery
- FAQs
- Forum Talk
- Games
- General
- Linux Audio Support
- Linux Hardware / Driver
- Linux Installation Support
- Linux misc.
- Linux Networking
- Linux Newbies
- Linux Printing Support
- Linux Security
- Linux Video Support
- Mail Server
- Multimedia
- Tutorials
- Web Proxy Server
- Web Server

linux,man,man pages,faqs,howtos,forum
  
Powered by HTML
Linux-faqs.com Copyright, All rights reserved www.linux-faqs.com. Peeyush Maurya.