CWE-364: Signal Handler Race Condition

Base Incomplete Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product uses a signal handler that introduces a race condition.

Common Consequences

Scope: Integrity, Confidentiality, Availability

Technical Impact: Modify Application Data; Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands

Note: It may be possible to cause data corruption and possibly execute arbitrary code by modifying global variables or data structures at unexpected times, violating the assumptions of code that uses this global data.

Scope: Access Control

Technical Impact: Gain Privileges or Assume Identity

Note: If a signal handler interrupts code that is executing with privileges, it may be possible that the signal handler will also be executed with elevated privileges, possibly making subsequent exploits more severe.

Potential Mitigations

Phase: Requirements

Strategy: Language Selection

Description: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

Phase: Architecture and Design

Description: Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop.

Phase: Implementation

Description: Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution.
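
The flag-only handler design and the reentrant-functions rule from the mitigations above, as an added C example that is not part of the CWE entry. All names (`g_msg`, `unsafe_handler`, `flag_handler`, `install_flag_handler`, `service_shutdown_flag`) are hypothetical, and `unsafe_handler` is shown only for contrast and is never installed.

```c
#define _POSIX_C_SOURCE 200809L   /* sigaction(), strdup() */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names, constructed for illustration. */
static char *g_msg;                          /* shared state owned by main-line code */
static volatile sig_atomic_t g_shutdown;     /* the only object the safe handler writes */

/* UNSAFE, for contrast only: printf() and free() are not async-signal-safe,
 * and a second signal arriving mid-handler frees g_msg twice. */
void unsafe_handler(int sig) {
    (void)sig;
    printf("shutting down: %s\n", g_msg);
    free(g_msg);
}

/* SAFE: record that the signal arrived and return immediately. */
static void flag_handler(int sig) {
    (void)sig;
    g_shutdown = 1;
}

/* Install flag_handler with all other signals blocked while it runs. */
static int install_flag_handler(int signo) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = flag_handler;
    sigfillset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL);
}

/* Main-loop step: do the cleanup in normal context, at most once.
 * Returns 1 if cleanup ran, 0 otherwise. */
static int service_shutdown_flag(void) {
    if (!g_shutdown || g_msg == NULL) return 0;
    free(g_msg);
    g_msg = NULL;                            /* validation: state stays consistent */
    return 1;
}

int main(void) {
    g_msg = strdup("constructed state");
    if (install_flag_handler(SIGTERM) != 0) return 1;
    raise(SIGTERM); raise(SIGTERM);          /* repeated delivery is harmless */
    int first = service_shutdown_flag(), second = service_shutdown_flag();
    printf("cleanup ran: %d, ran again: %d\n", first, second);
    return 0;
}
```
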

Observed Examples

Reference: CVE-1999-0035

Signal handler does not disable other signal handlers, allowing it to be interrupted, causing other functionality to access files/etc. with raised privileges

Reference: CVE-2001-0905

Attacker can send a signal while another signal handler is already running, leading to crash or execution with root privileges

Reference: CVE-2001-1349

Unsafe calls to library functions from signal handler

Reference: CVE-2004-0794

SIGURG can be used to remotely interrupt signal handler; other variants exist

Reference: CVE-2004-2259

SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.

Modes of Introduction

Phase | Note
Implementation | -

Applicable Platforms

Programming Languages
C (Sometimes), C++ (Sometimes)

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name | Mapping Fit
PLOVER | - | Signal handler race condition | -
7 Pernicious Kingdoms | - | Signal Handling Race Conditions | -
CLASP | - | Race condition in signal handler | -
Software Fault Patterns | SFP19 | Missing Lock | -

Key Information

CWE ID: CWE-364

Abstraction: Base

Structure: Simple

Status: Incomplete

Likelihood of Exploit: Medium

Related Weaknesses