Shawn,

The SCardBeginTransaction and SCardEndTransaction functions are meant
to be used to temporarily lock the card from access by other processes.
A properly implemented application would:

SCardBeginTransaction
{
    Verify the PIN
    Do anything that requires the PIN
    Logout (optional)
}
SCardEndTransaction (RESET) - RESET if there is no Logout command for
the card.

There is some code (I believe in winscard_svc or the like) that checks
to see if the calling application is from the socket that made the
original lock.

Thanks,
Dave

On Mar 22, 2006, at 3:51 PM, Shawn Willden wrote:

Hi,

While musing about some related issues today, a major possible problem with pcsc-lite's security model cropped up. It doesn't appear that there is any way to restrict smart card access by user. This means that any user on a multi-user system can use any smart card in any reader attached to that system. Now, access to security-critical features on smart cards is generally controlled by a PIN/password, but nearly all cards remember their authentication state. Indeed, they almost have to. This means that once I present my PIN to the card to, say, sign an e-mail, any other user logged onto my system can also use the credentials on my card.

Is it even possible for pcscd to enforce user-level access controls? Ideally, the first process to access the card (well, *ideally* the process that presents the PIN, but pcscd can't know that) should be able to tell pcscd to reject connections to that card from processes owned by other users. The only way for a different user account to obtain access to the card should be to reset the card. Allowing any user process to reset the card in the reader enables a DOS attack, but that's *much* less of a problem than the ability to impersonate another by using his card credentials.

Is there some mechanism in pcsc-lite to prevent this sort of attack? If not, is it even possible for pcscd to identify the owner of the processes that connect to its socket?

I'm really hoping I've missed something here...

Thanks,
Shawn.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
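
Shawn's question about whether a daemon can identify the owner of a process connecting to its socket, and the first-user-owns-the-card policy he proposes, sketched as an added C example (not pcsc-lite code and not written by either poster). It assumes Linux, where SO_PEERCRED reports the peer's uid on a Unix-domain socket; card_slot, peer_uid, slot_connect and slot_reset are hypothetical names.

```c
/* Added example, not pcsc-lite code. Linux-specific: relies on SO_PEERCRED. */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define NO_OWNER ((uid_t)-1)
struct card_slot { uid_t owner; };   /* hypothetical per-card state in a daemon */

/* Ask the kernel which uid sits on the other end of a connected AF_UNIX socket. */
int peer_uid(int fd, uid_t *uid)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || len != sizeof(cred))
        return -1;
    *uid = cred.uid;
    return 0;
}

/* The first uid to connect claims the card; other uids are refused until a reset. */
int slot_connect(struct card_slot *slot, uid_t uid)
{
    if (slot->owner == NO_OWNER)
        slot->owner = uid;
    return slot->owner == uid;
}

/* A card reset clears the remembered PIN state, so ownership can be released. */
void slot_reset(struct card_slot *slot) { slot->owner = NO_OWNER; }

int main(void)
{
    int sv[2];                        /* socketpair stands in for the daemon socket */
    uid_t uid;
    struct card_slot slot = { NO_OWNER };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || peer_uid(sv[0], &uid) != 0) {
        perror("peer credentials");
        return 1;
    }
    uid_t other = (uid == 0) ? 1 : 0; /* constructed uid of a second user */
    printf("owner uid %d allowed: %d\n", (int)uid, slot_connect(&slot, uid));
    printf("other uid %d allowed: %d\n", (int)other, slot_connect(&slot, other));
    slot_reset(&slot);
    printf("other uid after reset: %d\n", slot_connect(&slot, other));
    close(sv[0]); close(sv[1]);
    return 0;
}
```

The credentials come from the kernel at connect time, so a client cannot forge them in its request; the reset path remains open to any user, which is the denial-of-service trade-off named in the original message.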