It's not new(s) to me, but there will always be many for whom signals are new and enigmatic.

I think forking a sub-process and killing it if it doesn't complete before the timeout expires is a simple and effective solution to the problem. Whenever there is a risk of arbitrarily bad code to recover from, encapsulating it in a separate process is, in my experience, very helpful.