Is it possible to make an arbitrary program ignore

2020-07-30 00:13发布

问题:

Specifically on Mac OS X, is it possible to make a program ignore SIGTERM via DYLD_INSERT_LIBRARIES, in a way which works for any or most programs?

I tried compiling and inserting this:

#include<stdio.h>
#include<signal.h>
#include<unistd.h>

void sig_handler(int signo)
{
    if (signo == SIGTERM)
        printf("received SIGTERM\n");
}

int main(void)
{
    signal(SIGTERM, sig_handler);
    return 0;
}

However,

DYLD_INSERT_LIBRARIES=libignore.dylib sleep 60

was able to be kill -15'd without issue.

回答1:

You can create an executable that sets the action for SIGTERM to SIG_IGN and then execvp() the program you would like to run with that signal ignored:

Signals set to the default action (SIG_DFL) in the calling process image shall be set to the default action in the new process image. Except for SIGCHLD, signals set to be ignored (SIG_IGN) by the calling process image shall be set to be ignored by the new process image. Signals set to be caught by the calling process image shall be set to the default action in the new process image

You can do that even with bash:

#!/bin/bash
# no-sigterm.sh
trap "" SIGTERM 
exec "$@"

And then:

no-sigterm.sh sleep 60


回答2:

It is possible, but not the way you are doing it. Specifically:

  • You need to compile as a library. That means: - no main() , as in your sample. - an __attribute(constructor) for the entry point. And setting the sig handler there

  • The program you're injecting into must itself not set a signal handler after your injected library does (i.e. no call to signal() in the library. If it does, it will override your handler. Of course, you can get around this concern if you also provide a mock signal implementation that does nothing via function interposing.