Verifying user rights on the ioctl command

Question

Verifying user rights on the ioctl command

I am implementing a char driver (Linux), and there are certain IOCTL commands in my driver that only ADMIN should execute.

My question is how can I verify user rights as part of my implementation of the ioctl command and restrict the access of an unprivileged user to IOCTL.

+4

linux linux-kernel ioctl

Nishith goswami Apr 27 '15 at 9:25

source share

2 answers

Tsyvarev · Answer 1 · 2015-04-27T10:34:22+0000

You can use a function bool capable(int cap)that returns true if the user requests an opportunity. Possible cap values are listed in the kernel sources in include/uapi/linux/capability.h(macros begin with CAP _).

, - . , . CAP_SYS_ADMIN.

Craig McQueen · Answer 2 · 2016-01-29T06:47:34+0000

ioctl, . , ioctl, struct file *file, , file->f_mode FMODE_WRITE.

if (!(file->f_mode & FMODE_WRITE))
        return -EACCES;

, . , , -, , .

open() O_RDONLY, , .

ioctl , (CAP_SYS_ADMIN, , ).

if (!capable(CAP_SYS_ADMIN))
        return -EACCES;

Verifying user rights on the ioctl command

More articles: