5.3.4 Signals

Signals offer a means of delivering asynchronous events to processes. Processes can send signals to each other with the kill() system call, or the kernel can internally deliver the signals. Events that cause a signal to be generated include keyboard interrupts via the interrupt, stop, or quit keys, exceptions from invalid instructions, or termination of a process. Signal transmission can be broken into two phases:

Signal generation phase: The kernel updates appropriate data structures of the target process to indicate that a signal has been sent.

Signal delivery phase: The kernel forces the target process to react to the signal, either by changing its execution state or by starting the execution of a designated signal handler.

Signal transmission does not create any user-visible data structures, so there are no object reuse issues. However, signal transmission does raise access control issues. This section describes relevant data structures and algorithms used to implement DAC.

5.3.4.1 Data structures

Access control is implemented in the signal generation phase. The main data structure involved in signal transmission access control is the process descriptor structure task_struct. The task_struct of each process contains fields that designate the real and effective user ID of the process for DAC access check. These fields are used to determine if one process is allowed to send a signal to another process.

5.3.4.2 Algorithms

Access control is performed at the signal generation phase. Signal generation, either from the kernel or from another process, is performed by invoking the routine send_sig_info(). The kill() system call, along with signal generation by the kernel, ultimately invokes send_sig_info(). send_sig_info() in turn calls check_kill_permission(), which allows signal generation if the kernel is trying to generate a signal for a process. For user processes, send_sig_info() delivers the signal after ensuring that at least one of the following is true:

Sending and receiving processes belong to the same user.

An administrator is the owner of the sending process.

The signal is SIGCONT (to resume execution of a suspended process), and the receiving process is in the same login session as the sending process.

If one of the above three conditions is met, then DAC access is allowed. If none of the above conditions is met, access is denied.
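The check described above, modelled as an added example (this is not kernel code from the page): the struct and function are simplified stand-ins for task_struct and check_kill_permission(), and the way "same user", "administrator" and "login session" are represented here is an assumption of the model.

```c
/* Model of the DAC check performed at signal generation time.
 * Added example: a simplified stand-in for the kernel's task_struct
 * fields and check_kill_permission(), not the real implementation. */
#include <stdbool.h>
#include <stdio.h>
#include <signal.h>
#include <errno.h>

/* Assumed subset of task_struct relevant to the check. */
struct task {
    unsigned uid;      /* real user ID */
    unsigned euid;     /* effective user ID */
    unsigned session;  /* login session identifier (assumed field) */
    bool is_admin;     /* owner of the process is an administrator */
};

/* Returns 0 when the sender may generate `sig` for `target`, else -EPERM.
 * A NULL sender stands for a kernel-originated signal, always allowed. */
int check_kill_permission(int sig, const struct task *sender,
                          const struct task *target)
{
    if (sender == NULL)
        return 0;                         /* generated by the kernel */
    if (sender->is_admin)
        return 0;                         /* administrator owns the sender */
    /* "Same user": any of the sender's IDs matches any of the target's. */
    if (sender->uid == target->uid || sender->uid == target->euid ||
        sender->euid == target->uid || sender->euid == target->euid)
        return 0;
    if (sig == SIGCONT && sender->session == target->session)
        return 0;                         /* SIGCONT within one login session */
    return -EPERM;                        /* none of the three conditions held */
}

/* Convenience wrapper: true when the signal would be generated. */
bool kill_allowed(int sig, struct task sender, struct task target)
{
    return check_kill_permission(sig, &sender, &target) == 0;
}

int main(void)
{
    struct task alice = {1000, 1000, 7, false};  /* constructed sample tasks */
    struct task bob   = {1001, 1001, 7, false};  /* same session as alice */
    struct task root  = {0, 0, 1, true};
    printf("alice -> bob SIGTERM: %s\n", kill_allowed(SIGTERM, alice, bob) ? "allowed" : "denied");
    printf("alice -> bob SIGCONT: %s\n", kill_allowed(SIGCONT, alice, bob) ? "allowed" : "denied");
    printf("root  -> bob SIGKILL: %s\n", kill_allowed(SIGKILL, root, bob) ? "allowed" : "denied");
    return 0;
}
```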

5.3.5 Sockets

A socket is an endpoint for communication. Two sockets must be connected to establish a communications link. Sockets provide a common interface that allows processes to communicate across a network (the Internet domain) or on a single machine (the UNIX domain).

Processes that communicate using sockets use a client-server model. A server provides a service, and clients make use of that service. A server that uses sockets first creates a socket and then binds a name to it. An Internet domain socket has an IP port address bound to it. The registered port numbers are listed in /etc/services. For example, the default port number for an ftp server is 21.

Having bound an address to the socket, the server then listens for incoming connection requests specifying the bound address. The originator of the request, the client, creates a socket and makes a connection request on it,

IBM 10 SP1 EAL4 manual Signals, Sockets, Data structures, Algorithms