Carlos Prados wrote:
>
>
> Again, I would pay more athention to local security.
> Why is the file /tmp/.pcscrx world writtable? isn't
> this a security hole?
>
On the subject of security...
As may be apparent I've only just got my setup working and I've not
examined things in any detail. I did notice a few things which might be
cause for concern.
Consider a Netscape PKCS#11 module. In this application the connection
to the reader may need to be kept open for an extended period of time
(typically the whole browser session) and may not be closed cleanly. As
we are all painfully aware its not entirely unknown for a browser to
crash.
This situation needs to be handled, i.e. a connection can be kept open
for a long time with no security issues and if the application using it
crashes then the session is cleaned up appopriately.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
