IBM 10 SP1 EAL4 5.3.4 Signals, 5.3.5 Sockets

5.3.4 Signals

Signals offer a means of delivering asynchronous events to processes. Processes can send signals to each

other with the kill() system call, or the kernel can internally deliver the signals. Events that cause a signal

to be generated include keyboard interrupts via the interrupt, stop, or quit keys, exceptions from invalid

instructions, or termination of a process. Signal transmission can be broken into two phases:

●Signal generation phase: The kernel updates appropriate data structures of the target process to

indicate that a signal has been sent.

●Signal delivery phase: The kernel forces the target process to react to the signal by changing its

execution state and or the execution of a designated signal handler is started.

Signal transmission does not create any user-visible data structures, so there are no object reuse issues.

However, signal transmission does raise access control issues. This section describes relevant data structures

and algorithms used to implement DAC.

Access control is implemented in the signal generation phase. The main data structure involved in signal

transmission access control is the process descriptor structure task_struct. The task_struct of

each process contains fields that designate the real and effective user ID of the process for DAC access check.

These fields are used to determine if one process is allowed to send a signal to another process.

Access control is performed at the signal generation phase. Signal generation, either from the kernel or from

another process, is performed by invoking the routine send_sig_info(). The kill() system call,

along with signal generation by the kernel, ultimately invokes send_sig_info(). send_sig_info()

in turn calls check_kill_permission(), which allows signal generation if the kernel is trying to

generate a signal for a process. For user processes, send_sig_info() delivers the signal after ensuring

that at least one of the following is true:

•Sending and receiving processes belong to the same user.

•An administrator is the owner of the sending process.

•The signal is SIGCONT (to resume execution of a suspended process), and the receiving process is in

the same login session of the sending process.

If one of the above three conditions are met, then DAC access is allowed. f the above conditions are not met,

access is denied.

5.3.5 Sockets

A socket is an endpoint for communication. Two sockets must be connected to establish a communications

link. Sockets provide a common interface to allow process communication across a network, such as an

Internet domain, or on a single machine, such as a single UNIX domain.

Processes that communicate using sockets use a client-server model. A server provides a service, and clients

make use of that service. A server that uses sockets first creates a socket and then binds a name to it. An

Internet domain socket has an IP port address bound to it. The registered port numbers are listed in

/etc/services. For example, the default port number for an ftp server is 21.

Having bound an address to the socket, the server then listens for incoming connection requests specifying the

bound address. The originator of the request, the client, creates a socket and makes a connection request on it,