Hello all,

I was thinking of the possibility to trace all the APDU and SW exchanged between pcscd and the readers. In many cases I wanted to know exactly what was exchanged and patched the application or the ifd-handler instead of pcscd.

My proposition is to activate the debug using a 'kill -SIGUSR1 pid_of_pcscd'. And deactivate the debug using the same command. We could also add other debug levels with a cyclic counter (0 -> 1 -> 2 -> ... -> n-1 -> n -> 0 -> etc.)

You will say it is not secure since the PIN will be stored in the log. You are right but:
- debug will be OFF by default
- only root (or the owner of the process) will be allowed to send the SIGUSR1 signal
- the owner could use strace(1) to spy the serial or USB communications and see the same info (in a less pleasant format)
- you can log to stdout instead of syslog using 'pcscd -d stdout' so the PIN code (or another secret) will not be stored permanently on the disk in /var/log/syslog.

Any comment?

--
Dr. Ludovic Rousseau [EMAIL PROTECTED]
-- Standardizing Unix is like pasteurizing Camembert, L.R. --
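A sketch of the SIGUSR1 toggle with a cyclic level counter proposed above, as an added example that is not part of the original post and is not pcscd code. The function names, the three level meanings (0 = off, 1 = header only, 2 = full APDU) and the sample VERIFY APDU are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

#define DEBUG_LEVELS 3  /* assumed meaning: 0 = off, 1 = header only, 2 = full APDU */
static volatile sig_atomic_t debug_level = 0;   /* debug is OFF by default */

/* Async-signal-safe handler: only advances the cyclic counter 0 -> 1 -> 2 -> 0. */
static void on_sigusr1(int sig)
{
    (void)sig;
    debug_level = (debug_level + 1) % DEBUG_LEVELS;
}

int install_debug_toggle(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigusr1;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;   /* interrupted reads are restarted, not failed */
    return sigaction(SIGUSR1, &sa, NULL);
}
int current_debug_level(void) { return (int)debug_level; }

/* Hex-dump an APDU into out; returns characters written, 0 when debug is off.
 * At level 1 only CLA INS P1 P2 are shown, so a PIN in the data field stays out. */
int trace_apdu(const unsigned char *apdu, size_t len, char *out, size_t outsz)
{
    int level = debug_level;
    size_t shown = (level == 1 && len > 4) ? 4 : len, i, pos = 0;
    if (level == 0 || outsz == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < shown && pos + 3 < outsz; i++)
        pos += (size_t)snprintf(out + pos, outsz - pos, "%02X ", apdu[i]);
    if (shown < len && pos < outsz)
        pos += (size_t)snprintf(out + pos, outsz - pos, "[%zu bytes hidden]", len - shown);
    return (int)(pos < outsz ? pos : outsz - 1);
}

int main(void)
{
    const unsigned char verify[] = {0x00, 0x20, 0x00, 0x01, 0x04, 0x31, 0x32, 0x33, 0x34}; /* constructed */
    char line[64];
    install_debug_toggle();
    raise(SIGUSR1);             /* same effect as kill -SIGUSR1 <pid> from a shell */
    if (trace_apdu(verify, sizeof verify, line, sizeof line) > 0)
        puts(line);
    return 0;
}
```

The handler touches nothing but a `sig_atomic_t` counter; all formatting and output happen in normal program flow, which reads the level once per APDU.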
