Skip to content

sigprocmask

Intro

sigprocmask - using signal sets, this function is used to examine and change the signal mask of the calling thread.

Description

sigprocmask is used examine and / or alter the signal mask of the calling thread. Passing SIG_SETMASK as the how parameter will replace the entire mask with the set value, while passing SIG_SETMASK & SIG_BLOCK adds the set value to the existing mask. SIG_SETMASK & SIG_UNBLOCK removes the set value from the existing mask, while SIG_SETMASK & SIG_UNBLOCK =0 returns the current mask without changing it. If a non-null oldset is passed, the existing mask will be stored in oldset.

Using this function, it is possible to temporarily block certain signals or alter them to ignore them without actually modifying their disposition.

Arguments

  • how:int(SIG_SETMASK, SIG_BLOCK, SIG_UNBLOCK) - specifies what action to take with the set parameter.
  • set:const sigset_t *restrict[K,TOCTOU] - a pointer to the signal set defining the signals which are to be blocked, unblocked or returned.
  • oldset:sigset_t *restrict[K,U] - a pointer (allocated by the caller) to a sigset_t structure in which the existing mask will be store (if non-null).

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

do_sigprocmask

Type

Kprobes

Purpose

Analyzation of the use of the sigprocmask syscall and tracking the changes made to the signal mask.

Example Use Case

This function can be used in a process that needs to temporarily block certain signals.

Issues

sigprocmask() is vulnerable to TOCTOU (Time of Check, Time of Use) attacks which could result in security issues.

  • signal() - Used to send a signal to a process or thread.
  • sigaddset() - Used to add an individual signal to a signal set.
  • sigdelset() - Used to delete an individual signal from a signal set.
  • sigemptyset() - Used to initialise or clear a signal set to the empty set.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.