Tracing UNIX signal origins?

For Linux users, there is a very easy way to identify the source of a signal. For example, the following finds which task sends SIGKILL to others.

    cd /sys/kernel/debug/tracing
    echo 'sig==9' > events/signal/signal_generate/filter
    echo 1 > events/signal/signal_generate/enable
    : > trace
    echo 1 > tracing_on
    tail -f trace

One instance, from when I used 'pkill -9 sleep':

    # cat trace
    [...]
           pkill-2982  [001] d... 750347.835838: signal_generate: sig=9 errno=0 code=0 comm=sleep pid=2981 grp=1 res=0

Without the above 'sig==9' filter, 'trace' will show all signals sent among tasks.


Not from outside the process. The second argument to the signal handler is a siginfo_t structure which contains the PID of the sending process as one of its members. See sigaction(2) for more details.
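
An added example (not part of the original answer) of the siginfo_t approach described above: a handler installed with SA_SIGINFO records si_pid and si_code, and a forked child acts as the sender so the reported PID can be compared with the real one. The names observe_sender and on_signal are made up for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Written only by the handler, read after sigsuspend() returns. */
static volatile sig_atomic_t got_signal, sender_pid, sender_code;

/* SA_SIGINFO handler: the second argument identifies the sender. */
static void on_signal(int signo, siginfo_t *info, void *ucontext)
{
    (void)signo; (void)ucontext;
    sender_pid = info->si_pid;    /* PID of the sending process */
    sender_code = info->si_code;  /* SI_USER when sent with kill(2) */
    got_signal = 1;
}

/* Forks a child that signals us; returns si_pid, stores the real child PID in *child. */
pid_t observe_sender(pid_t *child, int *code)
{
    struct sigaction sa = {0};
    sigset_t block, old, wait_mask;
    sa.sa_sigaction = on_signal;
    sa.sa_flags = SA_SIGINFO;     /* without this flag no siginfo_t is passed */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) == -1) return -1;
    /* Keep SIGUSR1 blocked until sigsuspend() so it cannot arrive too early. */
    sigemptyset(&block); sigaddset(&block, SIGUSR1);
    sigprocmask(SIG_BLOCK, &block, &old);
    wait_mask = old; sigdelset(&wait_mask, SIGUSR1);
    got_signal = 0;
    *child = fork();
    if (*child == -1) return -1;
    if (*child == 0) { kill(getppid(), SIGUSR1); _exit(0); }
    while (!got_signal) sigsuspend(&wait_mask);  /* atomically unblock and wait */
    sigprocmask(SIG_SETMASK, &old, NULL);
    waitpid(*child, NULL, 0);
    *code = sender_code;
    return sender_pid;
}

int main(void)
{
    pid_t child; int code;
    pid_t from = observe_sender(&child, &code);
    printf("SIGUSR1 from pid %ld (child was %ld), si_code=%d\n", (long)from, (long)child, code);
    return from == child ? 0 : 1;
}
```

This only works for signals that can be caught; SIGKILL and SIGSTOP never reach a handler, which is where the tracing approach in the first answer applies.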


Ptrace can be used to detect the sender too. There is a ptrace(GETSIGINFO) call, which will give a debugger a chance to read (and, possibly, change) the siginfo_t struct.