区分 uid-wide kill(-1,…) 和 targeted kill
Differentiating a uid-wide kill(-1,…) from a targetted kill
如果进程运行 kill(-1,SIGKILL);(或使用不同的信号)并且调用终止了调用者(MacOS 的 kill(-1,...) 会这样做,尽管 Linux 使调用者存活)但不是它的父级(父级有一个不同的 uid),父级可以使用 POSIX 提供的设施来判断 kill-caller 是否因为它用 kill(-1,...) 调用杀死了自己或者因为另一个进程而死了杀了它?
首先,如果您向进程发送 SIGKILL,它们将永远看不到信号 - 它们只是被内核立即杀死。
否则,根据 2.4.3 Signal Actions of the POSIX standard,如果您的信号处理程序使用 SA_SIGINFO 标志注册,您可以提取发送信号的进程的 PID:
If the SA_SIGINFO flag for the signal is set, the signal-catching
function shall be entered as a C-language function call as follows:
void func(int signo, siginfo_t *info, void *context);
where func is the specified signal-catching function, signo is the
signal number of the signal being delivered, and info is a pointer
to a siginfo_t structure defined in <signal.h> containing at least
the following members:
Member Type Member Name Description
int si_signo Signal number.
int si_code Cause of the signal.
pid_t si_pid Sending process ID.
uid_t si_uid Real user ID of sending process.
void * si_addr Address of faulting instruction.
int si_status Exit value or signal.
union sigval si_value Signal value.
The si_signo member shall contain the signal number. This shall be
the same as the signo parameter. The si_code member shall contain
a code identifying the cause of the signal. The following
non-signal-specific values are defined for si_code:
SI_USER
The signal was sent by the kill() function. The implementation may set si_code to SI_USER if the signal was sent by the raise()
or abort() functions or any similar functions provided as
implementation extensions. SI_QUEUE
The signal was sent by the sigqueue() function. SI_TIMER
The signal was generated by the expiration of a timer set by timer_settime(). SI_ASYNCIO
The signal was generated by the completion of an asynchronous I/O request. SI_MESGQ
The signal was generated by the arrival of a message on an empty message queue.
Signal-specific values for si_code are also defined, as described in
<signal.h>.
这应该提供足够的信息来判断信号是否是由对 kill() 的调用生成的,哪个进程发送了信号,谁发送了信号。或者,如果信号是由内部故障产生的,例如 SIGSEGV.
如果进程运行 kill(-1,SIGKILL);(或使用不同的信号)并且调用终止了调用者(MacOS 的 kill(-1,...) 会这样做,尽管 Linux 使调用者存活)但不是它的父级(父级有一个不同的 uid),父级可以使用 POSIX 提供的设施来判断 kill-caller 是否因为它用 kill(-1,...) 调用杀死了自己或者因为另一个进程而死了杀了它?
首先,如果您向进程发送 SIGKILL,它们将永远看不到信号 - 它们只是被内核立即杀死。
否则,根据 2.4.3 Signal Actions of the POSIX standard,如果您的信号处理程序使用 SA_SIGINFO 标志注册,您可以提取发送信号的进程的 PID:
If the
SA_SIGINFOflag for the signal is set, the signal-catching function shall be entered as a C-language function call as follows:void func(int signo, siginfo_t *info, void *context);where
funcis the specified signal-catching function,signois the signal number of the signal being delivered, andinfois a pointer to asiginfo_tstructure defined in<signal.h>containing at least the following members:Member Type Member Name Description int si_signo Signal number. int si_code Cause of the signal. pid_t si_pid Sending process ID. uid_t si_uid Real user ID of sending process. void * si_addr Address of faulting instruction. int si_status Exit value or signal. union sigval si_value Signal value.The
si_signomember shall contain the signal number. This shall be the same as thesignoparameter. Thesi_codemember shall contain a code identifying the cause of the signal. The following non-signal-specific values are defined forsi_code:
SI_USERThe signal was sent by thekill()function. The implementation may setsi_codetoSI_USERif the signal was sent by theraise()orabort()functions or any similar functions provided as implementation extensions.SI_QUEUEThe signal was sent by thesigqueue()function.SI_TIMERThe signal was generated by the expiration of a timer set bytimer_settime().SI_ASYNCIOThe signal was generated by the completion of an asynchronous I/O request.SI_MESGQThe signal was generated by the arrival of a message on an empty message queue.Signal-specific values for
si_codeare also defined, as described in<signal.h>.
这应该提供足够的信息来判断信号是否是由对 kill() 的调用生成的,哪个进程发送了信号,谁发送了信号。或者,如果信号是由内部故障产生的,例如 SIGSEGV.