Anyone know how to access RasPi GPIO without sudo?

johnbeetem over 11 years ago

I've finally gotten around to playing with RasPi GPIOs, using Gert van Loo and Dom's C code at the RasPi Wiki.  It works fine, except that you have to run the executable as root or use sudo to access /dev/mem.

 

Does anyone here know how to access /dev/mem as a normal user?

    0 Arjan over 11 years ago

    Either you have to run your application as root, or use a device driver rather than trying to use /dev/mem.

    0 rew over 11 years ago in reply to Arjan

    Unix has a "security model". As a normal user you can do stuff, but you should not be able to access other people's files on the same computer. And as a user you should not be able to cause the computer to stop working.

     

    This means that as a rule, you should not be able to directly access hardware, like the physical memory of the computer. So that's why /dev/mem is protected so that normal users cannot access it.

     

    Now "/dev/mem" allows you much, much more "mischief" than just changing a GPIO. So that's why /dev/mem must be protected against normal users.

     

    If "allowable" things need to happen, the normal way to achieve this is to make a setuid program. The program GETS the privileges needed once it is executed, the program then checks permissions (if necessary) and then allows you to do the little thing you wanted.

     

    As an example, the system cannot and should not allow you to insert a random packet onto the network. However the operating system does not provide a way to send "ICMP ECHO REQUEST" packets. There is a program that does that: "ping"! So the ping program gets privileges, uses that to send a carefully prepared ICMP ECHO REQUEST packet, and display the results. Although it uses the system mechanism for "sending arbitrary packets", it should restrict you to only send the innocent ICMP ECHO REQUEST packets. The ping program doesn't have any further permission checking (that I know of).

     

    Now back to your problem...
    If you make a little program that allows you to manipulate just the GPIO outputs, that won't allow you to cause all the other mischief you'd be able to make with "/dev/mem" access, then you can install that program with superuser permissions (setuid) and then you can use that program as a normal user.

     

    I have written such a program. IIRC, it is contained in this package:

    http://www.bitwizard.nl/software/gpio_spi_i2c_20120419.tgz

     

    The program can be made setuid by doing:

      sudo chown root <program name>

      sudo chmod 4755 <program name>

     

    The program I wrote has NOT been checked for security in this scenario.

     

    The responsibility of "keeping the system safe" is moved from the kernel to the program with the elevated permissions. So if the "ping" program contained a bug that, say, would allow hackers to specify arbitrary network packets, then the protection of the system that normal users cannot send arbitrary network packets breaks down.

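The narrow setuid helper pattern described in the answer above, as an added example that is not rew's program or code from the linked package: it validates the request against a pin whitelist before touching anything privileged, maps only the GPIO register page, and gives up root before writing. Assumptions: the BCM2835 GPIO base of the original Pi, pins already configured as outputs, and a hypothetical whitelist; the names `parse_request` and `drop_privileges` are illustrative.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define GPIO_BASE 0x20200000UL  /* assumption: BCM2835 (original Pi) GPIO block */
#define GPSET0 7                /* word index of GPSET0 (byte offset 0x1C) */
#define GPCLR0 10               /* word index of GPCLR0 (byte offset 0x28) */
static const int allowed_pins[] = {17, 22, 23, 24, 25};  /* hypothetical policy */

/* Strictly parse "<pin> <0|1>"; return 0 and fill outputs only if permitted. */
int parse_request(const char *pin_s, const char *val_s, int *pin, int *val)
{
    char *end;
    if (!pin_s || !val_s || !*pin_s) return -1;
    long p = strtol(pin_s, &end, 10);
    if (*end != '\0') return -1;                      /* trailing junk */
    if (strcmp(val_s, "0") != 0 && strcmp(val_s, "1") != 0) return -1;
    for (size_t i = 0; i < sizeof allowed_pins / sizeof *allowed_pins; i++)
        if (p == allowed_pins[i]) { *pin = (int)p; *val = val_s[0] - '0'; return 0; }
    return -1;                                        /* pin not on the whitelist */
}

/* Give up root for good: group first, then user, then check it cannot come back. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (getuid() != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int pin, val;
    if (argc != 3 || parse_request(argv[1], argv[2], &pin, &val) != 0) {
        fprintf(stderr, "usage: %s <pin> <0|1>\n", argv[0]);
        return 2;
    }
    int fd = open("/dev/mem", O_RDWR | O_SYNC);       /* the only privileged step */
    volatile uint32_t *gpio = fd < 0 ? MAP_FAILED :
        mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, GPIO_BASE);
    if (fd >= 0) close(fd);
    if (drop_privileges() != 0 || gpio == MAP_FAILED) return 1;
    gpio[val ? GPSET0 : GPCLR0] = 1u << pin;          /* whitelist keeps pin < 32 */
    return 0;
}
```

Installed with the `chown root` and `chmod 4755` commands from the post, this exposes one register write on a fixed set of pins instead of all of `/dev/mem`.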