0

Is it possible to catch signals received (specifically SIGSEGV, SIGABRT) by child processes of a program without actually modifying it (or with minimal modification)? The program I'm talking about is a pretty complex tool of which I don't have low-level (implementation details) knowledge of. I do have access to its source code. I can start it using a command like:

$ ./tool_name start       # tool_name is an executable created after compiling and building its source code

It forks many child processes and I want to see if those child processes are being killed by a signal or not.

What I have thought about is to create a simple C program and call above command through that (using system()). Write a signal handler for above signals I'm looking for, and do other stuffs. Is it a right way to keep track of signals received by child processes? Is there a better way to do the same?

Scissor
  • 153
  • 2
  • 14
  • What operating system (kernel) are you using? There may be other ways to handle the signals or at least track them depending on what operating system is being run. – Louis Langholtz Aug 09 '17 at 03:30
  • It's Linux (any kernel version after 3.18 will work). – Scissor Aug 09 '17 at 03:32
  • Have you looked at the [linux audit subsystem](http://people.redhat.com/sgrubb/audit/) for this? Or into the possibility of using [`strace`](http://man7.org/linux/man-pages/man1/strace.1.html) or [`ptrace`](http://man7.org/linux/man-pages/man2/ptrace.2.html)? I ask because they seem like maybe they'd suffice. Your question's title suggests to me that you may also want to change how the signal gets handled which I don't think these will give you though. – Louis Langholtz Aug 10 '17 at 11:37
  • Seems like [how to intercept linux signals ? (in C)](https://stackoverflow.com/questions/1935537/how-to-intercept-linux-signals-in-c) is a related question. Based on the top answer, it appears `ptrace` also provides some ability to manipulate the signals sent to the process. – Louis Langholtz Aug 10 '17 at 11:41

0 Answers0