Signalling processes is security-sensitive. It has led in the past to the following vulnerabilities:

* CVE-2009-0390

* CVE-2002-0839

* CVE-2008-1671

Sending signals without checking properly which process will receive it can cause a denial of service.

Ask Yourself Whether

* the PID of the process to which the signal will be sent is coming from an untrusted source. It could for example come from a world-writable file.

* users who are asking for the signal to be sent might not have the permission to send those signals.

You are at risk if you answered yes to any of these questions.

Recommended Secure Coding Practices

* If the signal is sent because of a user's request. Check that the user is allowed to send this signal. You can for example forbid it if the user doesn't own the process.

* Secure the source from which the process PID is read.

* Run the process sending the signals with minimal permissions.

Questionable Code Example

posix_kill(42, 42); // Questionable

See

* MITRE, CWE-283 - Unverified Ownership