next up previous contents
Next: Resource Limits and Usage Up: Process Management Previous: Capabilities   Contents


The alarm and setitimer calls may be used to arrange for a signal to be sent to the calling process after an interval. The getitimer call obtains the value of an interval timer. The calls are implemented in kernel/sched.c and kernel/itimer.c. Currently, no controls are performed. A process could arrange for a signal to be delivered and perform an execve or execve_secure before the signal is generated, thus effectively delivering a signal to itself after a SID change. This signal is not subject to any access checking, so additional controls are necessary when the execve is performed. Timers could be cleared upon an execve that changes SID if the calling process lacks the appropriate signal permission to the transformed process.