Your message dated Sat, 1 Nov 2025 12:00:14 +0100
with message-id <[email protected]>
and subject line Re: Bug#930530: pcscd: Runs with possibly unnecessary
privileges
has caused the Debian Bug report #930530,
regarding pcscd: Runs with possibly unnecessary privileges
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
930530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pcscd
Version: 1.8.24-1
Severity: normal
Dear Maintainer,
pcscd currently runs as root. This is a security risk (as pointed out
in the SECURITY file shipped with pcscd). It was previously fixed in
Bug #606142 and regressed back to root when systemd support was added
(setgid was removed in 798d03c).
Is there a reason that pcscd needs to run as root, rather than a normal
user with access to the necessary device files? If so, could the
rationale be documented in the SECURITY file? If not, what would be
required to run as a non-root user and would you accept patches that
make the necessary changes?
Thanks,
Kevin
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.1.2 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8),
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pcscd depends on:
ii libc6 2.28-10
ii libccid [pcsc-ifd-handler] 1.4.30-1
ii libpcsclite1 1.8.24-1
ii libsystemd0 241-5
ii libudev1 241-5
ii lsb-base 10.2019051400
pcscd recommends no packages.
Versions of packages pcscd suggests:
ii systemd 241-5
-- no debconf information
--- End Message ---
--- Begin Message ---
Package: pcscd
Version: 2.4.0-1
Le 26/03/2025 à 23:49, Kevin Locke a écrit :
On Wed, 2025-03-26 at 16:42 +0100, Ludovic Rousseau wrote:
But pcscd is still running as root.
The next step is to run pcscd as a normal user.
This change is on my todo list.
Bye, and thank you for your patience
That'll be great. I really appreciate the restrictive sandboxing in
the meantime.
Thanks again for your work on this!
pcscd from pcsc-lite 2.4.0-1 now runs as a normal user.
See also https://blog.apdu.fr/posts/2025/10/pcscd-runs-as-pcscd-user/
Closing this bug.
Sorry for the 6 years of delay.
Thanks
--
Dr. Ludovic Rousseau
--- End Message ---
