CWE-364 – Signal Handler Race Condition

Read Time:1 Minute, 33 Second

Description

The software uses a signal handler that introduces a race condition.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-362
CWE-415
CWE-416
CWE-123

 

Consequences

Integrity, Confidentiality, Availability: Modify Application Data, Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands

It may be possible to cause data corruption and possibly execute arbitrary code by modifying global variables or data structures at unexpected times, violating the assumptions of code that uses this global data.

Access Control: Gain Privileges or Assume Identity

If a signal handler interrupts code that is executing with privileges, it may be possible that the signal handler will also be executed with elevated privileges, possibly making subsequent exploits more severe.

 

Potential Mitigations

Phase: Requirements

Description: 

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

Phase: Architecture and Design

Description: 

Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop.

Phase: Implementation

Description: 

Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution.

CVE References

  • CVE-1999-0035
    • Signal handler does not disable other signal handlers, allowing it to be interrupted, causing other functionality to access files/etc. with raised privileges
  • CVE-2001-0905
    • Attacker can send a signal while another signal handler is already running, leading to crash or execution with root privileges
  • CVE-2001-1349
    • unsafe calls to library functions from signal handler
  • CVE-2004-0794
    • SIGURG can be used to remotely interrupt signal handler; other variants exist
  • CVE-2004-2259
    • SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.