On Monday 16 October 2006 15:26, Douglas E. Engert wrote:
> Is there any way to have PCSC limit access to reader devices to
> the user logged in at the console?
>
> I would like to avoid a user who has logged in over the network from
> accessing a card in a reader inserted by the local user.

I looked at this issue quite a bit and proposed some changes and patches.  
Nothing really came of it, but you may find the discussion useful.

http://lists.drizzle.com/pipermail/muscle/2006-March/005069.html

I was going for a solution to a little more general problem than you're 
looking at, though.  You might be able to accomplish what you need just by 
changing permissions on the pcscd socket.  You'll need to restart pcscd when 
the user logs in, in order to ensure that any old connections to pcscd are 
torn down.  And you might want to think about how to ensure that an attacker 
can't get a connection between the time you start pcscd and the time you 
change the ownership/permission of the socket.  Maybe you should make sure 
that pcscd runs as the console user and that it creates the socket file with 
appropriately restricted access.

        Shawn.
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
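
The window described in the message above, between creating the socket and restricting it, can be closed by creating the socket file with owner-only permissions in the first place. The following is an added example, not code from the post or from pcscd: `listen_private`, `socket_mode` and the sample path are hypothetical, and it assumes Linux, where connecting to a Unix-domain socket requires write permission on the socket file, with the daemon already running as the console user.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper, not pcscd code: bind a Unix-domain listening socket
 * whose file is owner-only (0600) from the moment it exists. Returns fd or -1. */
int listen_private(const char *path)
{
    struct sockaddr_un addr;
    int fd, rc;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                       /* path would not fit */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);                        /* clear a stale socket file */
    /* bind() creates the file with mode 0777 & ~umask, so tighten the umask
     * first; a chmod() after bind() would leave a window with looser bits. */
    mode_t old_mask = umask(0177);
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old_mask);
    if (rc < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of the file at path, or -1 if it cannot be stat'ed. */
int socket_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    const char *path = "/tmp/demo_reader.sock";   /* constructed sample path */
    int fd = listen_private(path);
    printf("fd=%d mode=%04o\n", fd, (unsigned)socket_mode(path));
    if (fd >= 0) { close(fd); unlink(path); }
    return fd < 0;
}
```

The umask is process-wide, so a threaded daemon should do this before it starts other threads. Where socket file permissions cannot be relied on, placing the socket inside a directory with mode 0700 owned by the console user gives the same restriction.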