Is possible to check rights to ioctl

Question

I'm writing network configuring system for embedded device, which uses ioctl calls. On starting system I need to check rights to future calls. Is possible to check enough or have not enough privileges to ioctl(ID) call without calling that ioctl?

score 0 · Answer 1 · answered Jul 03 '14 at 13:20

0

That really sounds like bad design, you can't check "right to future calls", since something might change. After all, it's the future, so it's really hard to predict, and many technical solutions are better off by not even trying.

If you do the call thinking it "should" succeed, and it fails any way, you still need to handle it. So you might as well handle the permissions-failure too, and not bother trying to check it in advance.

answered Jul 03 '14 at 13:20

unwind

391,730
64
469
606

of course I should checks result of ioctls, but on start I want do self diagnostics – Dcow Jul 03 '14 at 13:25

score 0 · Accepted Answer · answered Jul 03 '14 at 13:30

I don't know if this answer to your ask but did you look about capabilities ?

if (!CAP_IS_SUPPORTED(CAP_NET_ADMIN)){ 
     EXIT_FAIL("Capability CAP_NET_ADMIN is not supported\n");
}

Extracted from man :

... 
CAP_NET_ADMIN
 Perform various network-related operations:     
   * interface configuration;
   * administration of IP firewall, masquerading, and accounting
   * modify routing tables;
   * bind to any address for transparent proxying;
   * set type-of-service (TOS)
   * clear driver statistics;
   * set promiscuous mode;
   * enabling multicasting;
...

Hop this help

Is possible to check rights to ioctl

2 Answers2