Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

User Permission check on ioctl command

I am implementing char driver ( Linux) and there are certain IOCTL commands are there in my driver which needs to be only executed by ADMIN.

My question is how can I check user permission under my ioctl command implementation and restrict unprivileged user from accessing IOCTL.

like image 742
Nishith Goswami Avatar asked Apr 27 '15 09:04

Nishith Goswami


People also ask

What are ioctl commands?

The ioctl() function manipulates the underlying device parameters of special files. In particular, many operating characteristics of character special files (e.g. terminals) may be controlled with ioctl() requests. The argument d must be an open file descriptor.

What is ioctl how it is used in user and kernel driver code?

In computing, ioctl (an abbreviation of input/output control) is a system call for device-specific input/output operations and other operations which cannot be expressed by regular system calls. It takes a parameter specifying a request code; the effect of a call depends completely on the request code.

What is the use of ioctl function in Linux?

The ioctl function is useful for implementing a device driver to set the configuration on the device. e.g. a printer that has configuration options to check and set the font family, font size etc. ioctl could be used to get the current font as well as set the font to a new one.

What is magic number in ioctl command?

To help programmers create unique ioctl command codes, these codes have been split up into several bitfields. The first versions of Linux used 16-bit numbers: the top eight were the “magic” number associated with the device, and the bottom eight were a sequential number, unique within the device.


1 Answers

You can use bool capable(int cap) function, which returns true if user has capability requested. Possible values of cap are listed in kernel sources at include/uapi/linux/capability.h (macros started with CAP_).

As you can see, there are many admin-like capabilities. Choose one which seems fit better for you task. Or just take CAP_SYS_ADMIN.

like image 127
Tsyvarev Avatar answered Sep 20 '22 10:09

Tsyvarev