Le 14/06/2019 à 18:02, Kevin Locke a écrit :
Package: pcscd
Version: 1.8.24-1
Severity: normal
Dear Maintainer,
Hello Kevin,
pcscd currently runs as root. This is a security risk (as pointed out
in the SECURITY file shipped with pcscd). It was previously fixed in
Bug #606142 and regressed back to root when systemd support was added
(setgid was removed in 798d03c).
Is there a reason that pcscd needs to run as root, rather than a normal
user with access to the necessary device files? If so, could the
rationale be documented in the SECURITY file? If not, what would be
required to run as a non-root user and would you accept patches that
make the necessary changes?
You are completely right.
It is a known task on my TODO list. See
https://salsa.debian.org/rousseau/PCSC/issues/10
I know systemd has many features that could help.
Please provide patches upstream (it is not a problem limited to Debian).
You can use https://salsa.debian.org/rousseau/PCSC or
https://github.com/LudovicRousseau/PCSC to provide pull requests.
Maybe you should first discuss ideas and solutions on the pcsclite-muscle
mailing list.
https://lists.infradead.org/mailman/listinfo/pcsclite-muscle
Bye
--
Dr. Ludovic Rousseau
