I am implementing a char driver (Linux), and there are certain IOCTL commands in my driver that only ADMIN should execute.
My question is how can I verify user rights as part of my implementation of the ioctl command and restrict the access of an unprivileged user to IOCTL.
You can use a function bool capable(int cap) that returns true if the user requests an opportunity. Possible cap values are listed in the kernel sources in include/uapi/linux/capability.h (macros begin with CAP_).
, - . , . CAP_SYS_ADMIN.
ioctl, . , ioctl, struct file *file, , file->f_mode FMODE_WRITE.
if (!(file->f_mode & FMODE_WRITE)) return -EACCES;
, . , , -, , .
open() O_RDONLY, , .
ioctl , (CAP_SYS_ADMIN, , ).
if (!capable(CAP_SYS_ADMIN)) return -EACCES;
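Added example, not from the original answer: a userspace model of the two checks above (file->f_mode & FMODE_WRITE and capable(CAP_SYS_ADMIN)) arranged as a per-command table, so the decision logic can be compiled and run outside the kernel. The MYDRV_* commands, CAP_NONE, the policy table and try_cmd() are hypothetical, and struct file, FMODE_*, CAP_SYS_ADMIN and capable() are local stand-ins for the kernel's definitions.

```c
/* Userspace model of the answer's two ioctl permission checks. Everything
 * kernel-named here is a stand-in; the MYDRV_* commands are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define FMODE_READ    0x1u
#define FMODE_WRITE   0x2u
#define CAP_SYS_ADMIN 21      /* value in include/uapi/linux/capability.h */
#define CAP_NONE      (-1)    /* hypothetical marker: no capability needed */
struct file { unsigned int f_mode; };

static bool caller_is_admin;  /* stands in for the calling task's credentials */
static bool capable(int cap) { return cap == CAP_SYS_ADMIN && caller_is_admin; }
enum { MYDRV_GET_STATUS = 1, MYDRV_SET_RATE, MYDRV_RESET_HW };

/* One row per command: what the caller must hold before the handler runs. */
static const struct { unsigned int cmd, need_mode; int need_cap; } policy[] = {
    { MYDRV_GET_STATUS, 0,           CAP_NONE      },
    { MYDRV_SET_RATE,   FMODE_WRITE, CAP_NONE      },
    { MYDRV_RESET_HW,   FMODE_WRITE, CAP_SYS_ADMIN },
};

/* Returns 0 if allowed, -EACCES if denied, -ENOTTY for an unknown command. */
long mydrv_ioctl_check(const struct file *file, unsigned int cmd)
{
    for (size_t i = 0; i < sizeof(policy) / sizeof(policy[0]); i++) {
        if (policy[i].cmd != cmd) continue;
        if ((file->f_mode & policy[i].need_mode) != policy[i].need_mode)
            return -EACCES;           /* descriptor not opened for writing */
        if (policy[i].need_cap != CAP_NONE && !capable(policy[i].need_cap))
            return -EACCES;           /* caller lacks the capability */
        return 0;
    }
    return -ENOTTY;                   /* default deny for unlisted commands */
}

/* Demo helper: build a file with the given mode and try one command. */
long try_cmd(unsigned int f_mode, bool admin, unsigned int cmd)
{
    struct file f = { f_mode };
    caller_is_admin = admin;
    return mydrv_ioctl_check(&f, cmd);
}

int main(void)
{
    unsigned int rw = FMODE_READ | FMODE_WRITE;
    printf("RESET_HW as non-admin: %ld\n", try_cmd(rw, false, MYDRV_RESET_HW));
    printf("RESET_HW as admin:     %ld\n", try_cmd(rw, true, MYDRV_RESET_HW));
    return 0;
}
```

In a real driver the same lookup would run at the top of the unlocked_ioctl handler, against the kernel's own struct file and capable().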
Source: https://habr.com/ru/post/1584866/