0

I am trying to overwrite or change the Signals of a process. As I guess there is a table of signals in every process separately.

Is there anything like that in the /proc folder?

Thank you for your time.

superuser
  • 1
  • 1

2 Answers2

2

/proc/<pid>/status includes fields describing the given process’ signal handling; see man 5 proc for details. For example:

 SigPnd: 0000000000000000
 ShdPnd: 0000000000000000
 SigBlk: 0000000000010000
 SigIgn: 0000000000384004
 SigCgt: 000000004b813efb

Signal handling can’t be changed externally, you can’t use this to affect a process’ signal handling.

If you can ptrace a process, you can attach a debugger to it and use this to change its signal handling.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
  • So if I want for example to make a process unkillable there is not a way to do it through the /proc folder of it? I am trying to develop a Kernel Module that makes a process unkillable. – superuser Apr 22 '22 at 19:24
  • If you’re developing a kernel module, you shouldn’t go through `/proc`; you can access the task structs directly. – Stephen Kitt Apr 22 '22 at 19:36
  • I did that actually and it works fine. But if I kill the process through the Parent PID it dies. Do you have any idea how to avoid that scenario and make it really unkillable? (I thought to make unkillable recursively his parent and the parent of the parent.... etc. etc. but I do not think that this is a smart way to do it. The command I use now in the Kernel is: t_struct->signal->flags = t_struct->signal->flags | SIGNAL_UNKILLABLE – superuser Apr 22 '22 at 19:46
  • You might need to reparent your process, *e.g.* to `kthreadd` (pid 2). – Stephen Kitt Apr 24 '22 at 10:20
  • Yes, that was one of my thoughts. Although, I did not find any struct or functions that changes the PID or the PPID of a process. Thank you for your time again. – superuser Apr 24 '22 at 20:19
0

Yes, read "NOTES" section in man 7 signal:

The /proc/[pid]/task/[tid]/status file contains various fields that show the signals that a thread is blocking (SigBlk), catching (SigCgt), or ignoring (SigIgn). (The set of signals that are caught or ignored will be the same across all threads in a process.) Other fields show the set of pending signals that are directed to the thread (SigPnd) as well as the set of pending signals that are directed to the process as a whole (ShdPnd). The corresponding fields in /proc/[pid]/status show the information for the main thread. See proc(5) for further details.

Kusalananda
  • 320,670
  • 36
  • 633
  • 936
White Owl
  • 4,511
  • 1
  • 4
  • 15