IBM 10 SP1 EAL4 Server User Manual


 
5.3.4 Signals
Signals offer a means of delivering asynchronous events to processes. Processes can send signals to each
other with the kill() system call, or the kernel can deliver signals internally. Events that cause a signal
to be generated include keyboard interrupts via the interrupt, stop, or quit keys, exceptions from invalid
instructions, and termination of a process. Signal transmission can be broken into two phases:
Signal generation phase: The kernel updates the appropriate data structures of the target process to
indicate that a signal has been sent.
Signal delivery phase: The kernel forces the target process to react to the signal, either by changing its
execution state or by starting the execution of a designated signal handler.
Signal transmission does not create any user-visible data structures, so there are no object reuse issues.
However, signal transmission does raise access control issues. This section describes the relevant data
structures and algorithms used to implement DAC.
5.3.4.1 Data structures
Access control is implemented in the signal generation phase. The main data structure involved in signal
transmission access control is the process descriptor structure task_struct. The task_struct of
each process contains fields that designate the real and effective user ID of the process, which are used for
the DAC access check. These fields determine whether one process is allowed to send a signal to another process.
5.3.4.2 Algorithms
Access control is performed in the signal generation phase. Signal generation, either from the kernel or from
another process, is performed by invoking the routine send_sig_info(). The kill() system call,
along with signal generation by the kernel, ultimately invokes send_sig_info(). send_sig_info()
in turn calls check_kill_permission(), which allows signal generation unconditionally when the kernel
itself is generating the signal. For user processes, the signal is generated only after ensuring
that at least one of the following is true:
The sending and receiving processes belong to the same user.
An administrator is the owner of the sending process.
The signal is SIGCONT (to resume execution of a suspended process), and the receiving process is in
the same login session as the sending process.
If one of the above three conditions is met, DAC access is allowed. If none of the conditions is met,
access is denied.
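The decision described above, as an added example that is not part of this document and not the SLES kernel source: a user-space model of the three conditions that check_kill_permission() applies, plus a probe that asks the real kernel the same question by sending signal 0. The task_t structure and its field names are assumptions made for the illustration; the real kernel check compares the sender's real and effective user IDs against the target's real and saved set-user-IDs, and the "administrator" condition is the CAP_KILL capability.

```c
/* Added example, not from the page or from the SLES kernel sources: a
 * user-space model of the DAC decision that 5.3.4.2 describes for
 * check_kill_permission(), plus a probe that asks the real kernel the
 * same question with signal 0.  The task_t struct and its field names
 * are assumptions made for this illustration. */
#include <errno.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

typedef struct {
    bool  from_kernel; /* signal generated by the kernel itself */
    bool  is_admin;    /* sender owned by the administrator (CAP_KILL) */
    uid_t uid, euid;   /* real and effective user ID, as in task_struct */
    pid_t session;     /* login session, compared only for SIGCONT */
} task_t;

/* The three conditions of 5.3.4.2, checked in order; any one suffices. */
bool kill_permitted(const task_t *sender, const task_t *target, int sig)
{
    if (sender->from_kernel)
        return true;                       /* kernel-generated: no DAC check */
    if (sender->uid == target->uid || sender->uid == target->euid ||
        sender->euid == target->uid || sender->euid == target->euid)
        return true;                       /* same user */
    if (sender->is_admin)
        return true;                       /* administrator owns the sender */
    if (sig == SIGCONT && sender->session == target->session)
        return true;                       /* SIGCONT within one login session */
    return false;
}

/* Ask the kernel: kill() with signal 0 performs only the generation-phase
 * permission check and delivers nothing.  Returns 0 if permitted, EPERM if
 * the DAC check failed, ESRCH if there is no such process. */
int probe_kill_permission(pid_t pid)
{
    return kill(pid, 0) == 0 ? 0 : errno;
}

int main(void)
{
    task_t alice = { .uid = 1000, .euid = 1000, .session = 7 };
    task_t bob   = { .uid = 1001, .euid = 1001, .session = 7 };
    printf("bob -> alice SIGTERM: %s\n",
           kill_permitted(&bob, &alice, SIGTERM) ? "allowed" : "denied");
    printf("bob -> alice SIGCONT (same session): %s\n",
           kill_permitted(&bob, &alice, SIGCONT) ? "allowed" : "denied");
    int rc = probe_kill_permission(1);
    printf("kill(1, 0): %s\n", rc == 0 ? "permitted" : strerror(rc));
    return 0;
}
```

The signal-0 probe is the practical way to observe that access control sits in the generation phase: the kernel runs the permission check and returns EPERM or ESRCH without any signal being delivered, which is why unprivileged tools can test for a process's existence and reachability without affecting it.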
5.3.5 Sockets
A socket is an endpoint for communication. Two sockets must be connected to establish a communications
link. Sockets provide a common interface for process communication either across a network (the Internet
domain) or on a single machine (the UNIX domain).
Processes that communicate using sockets use a client-server model. A server provides a service, and clients
make use of that service. A server that uses sockets first creates a socket and then binds a name to it. An
Internet domain socket has an IP address and port number bound to it. The registered port numbers are listed in
/etc/services; for example, the default port number for an ftp server is 21.
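The bind-and-connect sequence for a UNIX domain socket, as an added example that is not part of this document and not SLES source: a server in the parent process creates a socket, binds a filesystem name to it, listens and accepts one connection, while a forked client creates its own socket and connects to that name. The socket path and the message are assumptions chosen for the example.

```c
/* Added example (not the page's own code and not SLES source): a minimal
 * UNIX-domain server and client in one program, showing the sequence
 * socket() -> bind() -> listen() -> accept() on the server and
 * socket() -> connect() on the client.  The socket path and the message
 * are assumptions chosen for the example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>

/* Runs a server in the parent and a client in a forked child.  Returns 0
 * when the client received back exactly the message it sent; a negative
 * value identifies the step that failed. */
int unix_echo_roundtrip(const char *path, const char *msg)
{
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof addr.sun_path)
        return -1;                              /* path too long for sun_path */
    strcpy(addr.sun_path, path);

    /* Server side: create the socket, bind the name, listen. */
    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv < 0)
        return -2;
    unlink(path);                               /* drop a stale node from an earlier run */
    if (bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0) {
        close(srv);
        return -3;
    }
    if (listen(srv, 1) < 0) {
        close(srv);
        unlink(path);
        return -4;
    }

    pid_t child = fork();
    if (child < 0) {
        close(srv);
        unlink(path);
        return -5;
    }
    if (child == 0) {
        /* Client side: create a socket and connect it to the bound name. */
        int cl = socket(AF_UNIX, SOCK_STREAM, 0);
        if (cl < 0 || connect(cl, (struct sockaddr *)&addr, sizeof addr) < 0)
            _exit(1);
        size_t n = strlen(msg);
        if (write(cl, msg, n) != (ssize_t)n)
            _exit(2);
        char buf[256];
        ssize_t got = read(cl, buf, sizeof buf);
        close(cl);
        _exit(got == (ssize_t)n && memcmp(buf, msg, n) == 0 ? 0 : 3);
    }

    /* Server side: accept the one connection and echo back what arrives. */
    int rc = -6;
    int conn = accept(srv, NULL, NULL);
    if (conn >= 0) {
        char buf[256];
        ssize_t got = read(conn, buf, sizeof buf);
        if (got > 0 && write(conn, buf, (size_t)got) == got)
            rc = 0;
        close(conn);
    }
    close(srv);
    unlink(path);

    int status = 0;
    waitpid(child, &status, 0);
    if (rc == 0 && !(WIFEXITED(status) && WEXITSTATUS(status) == 0))
        rc = -7;                                /* client did not confirm the echo */
    return rc;
}

int main(void)
{
    int rc = unix_echo_roundtrip("/tmp/sles_socket_example.sock", "hello, socket");
    printf("round trip: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

Two points worth noting for a UNIX domain socket bound to a filesystem name: bind() fails with EADDRINUSE if the node already exists, which is why the example unlinks it first, and a client needs write permission on that node to connect(), so the directory permissions and the umask in effect at bind() time decide which users can reach the server at all.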
Having bound an address to the socket, the server then listens for incoming connection requests specifying the
bound address. The originator of the request, the client, creates a socket and makes a connection request on it,