On Fri, Apr 4, 2008 at 4:33 PM, Timothy J Miller <[EMAIL PROTECTED]> wrote:
> On Apr 4, 2008, at 7:03 AM, Ludovic Rousseau wrote:
> > As you wrote all communications are over a single socket
> > /var/run/pcscd.comm. So you just need to use the Unix security
> > mechanism to restrict the access to this file to users allowed to use
> > the smart card (create a group smartcard for example).
> >
>
>  Nevertheless this is a serious issue on multi-user machines.  It's *my*
> card and *you* aren't allowed to use it.

But is it "your" reader?

>  pcscd needs to maintain a separate socket per reader at the very least.

You can start more than one pcscd if needed. The administrator can
give read/write access to _your_ user for _your_ reader and start a
pcscd with your identity with a communication socket in ~/pcscd/.

> > This security configuration is left to the local system administrator.
>
>  Sorry, that's a terrible idea.  Glomming all pcscd communications through a
> single filesystem socket and relying on externally set permissions is a
> recipe for compromise.  In short, this design presumes a single-session
> system, a demonstrably false assumption.

Users of a multi-user system are free to send patches for pcsc-lite.
Everything is possible. Please implement what you need and share it
with the community.

For example, Sun should have added support for Solaris Zones in
pcsc-lite. Maybe Sun could share their changes?

Regards,

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
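
The group-restricted socket setup discussed in the message above, written as a check an administrator could run; this is an added example, not code from the thread or from pcsc-lite. The names `audit_socket` and `demo` are hypothetical, and the demo audits a constructed socket in a temporary directory rather than a real `/var/run/pcscd.comm`.

```python
import os
import socket
import stat
import tempfile


def audit_socket(path, allowed_gid):
    """Return findings for a Unix socket that should be reachable only by allowed_gid."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Linux requires write permission on the socket file to connect() to it.
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: mode {mode:04o} lets any local user connect")
    if st.st_gid != allowed_gid:
        findings.append(f"{path}: group is gid {st.st_gid}, expected {allowed_gid}")
    elif not mode & stat.S_IWGRP:
        findings.append(f"{path}: mode {mode:04o} locks out the allowed group")
    # Some systems ignore the mode of the socket file itself, and a writable
    # directory lets another user replace the socket, so check the parent too.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"{parent}: world-writable without sticky bit")
    return findings


def demo():
    """Audit a constructed socket (not a real pcscd) with an open and a restricted mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pcscd.comm")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            gid = os.lstat(path).st_gid  # stands in for the "smartcard" group
            os.chmod(path, 0o666)
            open_findings = audit_socket(path, gid)
            os.chmod(path, 0o660)
            restricted_findings = audit_socket(path, gid)
    return open_findings, restricted_findings


if __name__ == "__main__":
    for label, result in zip(("0666", "0660"), demo()):
        print(label, result or "OK")
```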