堆栈内存溢出
  简体   繁体   English

检查SUID属性以获取内核模块中的打开文件

[英]Check SUID attribute for open file within a kernel module

 原文  2019-08-07 14:10:33       c/ linux-kernel/ suid

问题描述

I'm writing a kernel module which needs to check the attribute suid of a given file descriptor. 我正在编写一个内核模块,该模块需要检查给定文件描述符的属性suid I checked through the various kernel structure, but I couldn't find any clue on the topic. 我检查了各种内核结构,但找不到有关该主题的任何线索。

I expected somehow to find a field containing a bitwise Unix-stile permission, but I couldn't find any. 我期望以某种方式找到一个包含按位Unix-stile权限的字段,但是我找不到任何字段。

My goal is to write a function which just states if the file referenced by a given file descriptor has its suid attribute set or not. 我的目标是编写一个仅声明给定文件描述符引用的文件是否具有其suid属性的函数。 

int issuid(file *f){
 ...
}

My best bet would be looking into the inode structure, where I did search (wihout success), but considering the inode as the in-memory representation of a file on the physical disk, and considering some filesystem do not have Unix-style file permissions, I'm not still sure I'm looking in the right direction. 我最好的选择是查找inode结构,在该结构中进行搜索(没有成功),但是将inode视为物理磁盘上文件的内存表示形式,并考虑某些文件系统没有Unix样式的文件权限,我仍然不确定自己是否朝着正确的方向前进。

1 个解决方案

解决方案1
 1  2019-08-07 15:04:48

I was already in the right direction, but somehow, I didn't realize it. 我已经朝着正确的方向前进,但是不知何故,我没有意识到这一点。

The inode structure has a field: inode结构具有一个字段: 

umode_t                     i_mode;

Which represents the file permissions. 代表文件权限。

In the file include/uapi/linux/stat.h you can see the file permissions starting from its very beginning. 在文件include / uapi / linux / stat.h中,您可以从一开始就看到文件许可权。 

#define S_IFMT  00170000
#define S_IFSOCK 0140000
#define S_IFLNK  0120000
#define S_IFREG  0100000
#define S_IFBLK  0060000
#define S_IFDIR  0040000
#define S_IFCHR  0020000
#define S_IFIFO  0010000
#define S_ISUID  0004000
#define S_ISGID  0002000
#define S_ISVTX  0001000

#define S_ISLNK(m)  (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m)  (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m)  (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m)  (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m)  (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)

#define S_IRWXU 00700
#define S_IRUSR 00400
#define S_IWUSR 00200
#define S_IXUSR 00100

#define S_IRWXG 00070
#define S_IRGRP 00040
#define S_IWGRP 00020
#define S_IXGRP 00010

#define S_IRWXO 00007
#define S_IROTH 00004
#define S_IWOTH 00002
#define S_IXOTH 00001

I hope this answer can be useful to someone like me who can't see the obvious. 我希望这个答案对像我这样看不见的人有用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kernel 模块检查文件是否存在 - Kernel module check if file exists c:在内核模块中重命名文件 - c: rename file within kernel module 从C内核模块检查/ proc文件 - Check /proc file from C kernel module 无法在 kernel 模块中打开 filp_open 文件 - unable to open filp_open file in kernel module 在运行模块中获取Linux内核模块ko文件名 - Get Linux kernel module ko file name within running module 打开文件O_NONBLOCKING在内核模块中丢失 - open file O_NONBLOCKING gets lost in kernel module 在没有open()的情况下获取内核空间中的文件描述符和细节 - Getting file descriptors and details within kernel space without open() 内核模块的配置文件 - configuration file for kernel module 将更改恢复为内核模块中的文件 - Revert changes in to a file in kernel module 在linux内核模块中克隆一个文件 - Clone a file in linux kernel module
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM