Douglas E. Engert wrote on 10/16/06 02:26 PM:
Is there any way to have PCSC limit access to reader devices to the user logged in at the console? I would like avoid a user who has logged in over the network from accessing a card in a reader inserted by the local user.
Hah! Good idea... On Solaris, I do this using the logindevperm[1] mechanism to have the ownership of the socket and shared memory file changed to the user logging into the console, and the modes to 0600: # grep pcsc /etc/logindevperm /dev/console 0600 /var/run/pcscd.comm /dev/console 0600 /var/run/pcscd.pub # This line in winscard_msg_srv.c is a bit weak :( SYS_Chmod(PCSCLITE_CSOCK_NAME, S_IRWXO | S_IRWXG | S_IRWXU); Hope your platform has logindevperm... ~Iain [1] http://docs.sun.com/app/docs/doc/816-5174/6mbb98ugo?a=view _______________________________________________ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle