The OpenSSH vuln is just a reminder that there's a list of officially supported syscalls you're allows to make in a signal handler, and the BEST thing is to pretend that list only contains _exit and no functions, and instead, set a sig_atomic_t type, and handle it in the body of your code/event loop.
Anything else is just problematic.