Signalling processes is security-sensitive. It has led in the past to the following vulnerabilities:
Sending signals without checking properly which process will receive it can cause a denial of service.
Ask Yourself Whether
- the PID of the process to which the signal will be sent is coming from an untrusted source. It could for example come from a world-writable
- users who are asking for the signal to be sent might not have the permission to send those signals.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
- If the signal is sent because of a user’s request. Check that the user is allowed to send this signal. You can for example forbid it if the
user doesn’t own the process.
- Secure the source from which the process PID is read.
- Run the process sending the signals with minimal permissions.
Sensitive Code Example
def send_signal(pid, sig, pgid):
os.kill(pid, sig) # Sensitive
os.killpg(pgid, sig) # Sensitive