CWE-479: Signal Handler Use of a Non-reentrant Function

CWE ID: 479
Name: Signal Handler Use of a Non-reentrant Function

Description

“The product defines a signal handler that invokes a non-reentrant function.”

Mitigations

Mitigation (Requirements)

Effectiveness: Unknown
Description: “Require languages or libraries that provide reentrant functionality, or alternatively facilitate the avoidance of this vulnerability.”

Mitigation (Architecture and Design)

Effectiveness: Unknown
Description: “Design signal handlers to solely set flags, rather than execute complex functionality.”
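
An added C example (not part of the CWE entry) of the flag-only design described above, next to the unsafe pattern it replaces. The function names, the `last_msg` buffer and the choice of `SIGUSR1` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

static char *last_msg;       /* illustrative heap state shared with normal code */
/* Non-reentrant work: free/malloc/snprintf are not async-signal-safe. */
static void record_signal(int signo) {
    free(last_msg);
    last_msg = malloc(64);
    if (last_msg) snprintf(last_msg, 64, "got signal %d", signo);
}

/* BEFORE (CWE-479): that work runs inside the handler, so a signal landing
 * while main is inside malloc() can corrupt the heap. Never installed here. */
void unsafe_handler(int signo) { record_signal(signo); }

/* AFTER: the handler only sets a flag. */
static volatile sig_atomic_t pending_signo = 0;
static void flag_handler(int signo) { pending_signo = signo; }

int install_flag_handler(int signo) {  /* 0 on success, -1 on error */
    struct sigaction sa = {0};
    sa.sa_handler = flag_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(signo, &sa, NULL);
}

/* Main-loop side, normal context. signo is blocked while the flag is read and
 * cleared so a delivery in between is not lost. Returns the signal, or 0. */
int service_pending(int signo) {
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, signo);
    sigprocmask(SIG_BLOCK, &block, &old);
    int seen = pending_signo;
    pending_signo = 0;
    sigprocmask(SIG_SETMASK, &old, NULL);
    if (seen) record_signal(seen);     /* safe: not in signal context */
    return seen;
}

int main(void) {
    if (install_flag_handler(SIGUSR1) != 0) return 1;
    raise(SIGUSR1);                    /* handler runs and sets the flag */
    if (service_pending(SIGUSR1) && last_msg) puts(last_msg);
    return 0;
}
```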

Mitigation (Implementation)

Effectiveness: Unknown
Description: “Ensure that no non-reentrant functions are used in signal handlers.”

Mitigation (Implementation)

Effectiveness: Defense in Depth
Description: “Implement sanity checks to reduce the time window for exploiting race conditions. This is only a partial solution, since many attacks may fail while other attacks can still work within the narrowed time window, even unintentionally.”