Douglas E. Engert wrote on 10/16/06 02:26 PM:
> Is there any way to have PCSC limit access to reader devices to
> the user logged in at the console?
> I would like to avoid a user who has logged in over the network from
> accessing a card in a reader inserted by the local user.
Hah! Good idea...
On Solaris, I do this using the logindevperm[1] mechanism to have the
ownership of the socket and shared memory file changed to the user
logging into the console, and the modes to 0600:
# grep pcsc /etc/logindevperm
/dev/console 0600 /var/run/pcscd.comm
/dev/console 0600 /var/run/pcscd.pub
#
This line in winscard_msg_srv.c is a bit weak :(
SYS_Chmod(PCSCLITE_CSOCK_NAME, S_IRWXO | S_IRWXG | S_IRWXU);
Hope your platform has logindevperm...
~Iain
[1] http://docs.sun.com/app/docs/doc/816-5174/6mbb98ugo?a=view
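
The contrast between the 0777 mode set by the quoted SYS_Chmod line and the owner-only 0600 mode that the logindevperm entries apply, as an added example that is not part of the original message or of pcsc-lite. The function names are hypothetical, and a scratch file stands in for /var/run/pcscd.comm so it runs without root.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* 1 if group or other have any access to path, 0 if not, -1 on error. */
int open_to_others(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Set path to mode 0600 and hand it to whoever owns ref. With ref set to
 * /dev/console and path set to the pcscd socket this mirrors the
 * logindevperm entries; chown() to another user needs root. */
int restrict_to_owner_of(const char *ref, const char *path)
{
    struct stat st;
    if (stat(ref, &st) != 0)
        return -1;
    if (chmod(path, S_IRUSR | S_IWUSR) != 0)  /* close access first */
        return -1;
    return chown(path, st.st_uid, (gid_t)-1); /* keep the group as is */
}

/* Constructed demo: returns 0 if 0777 was detected and then removed. */
int demo(void)
{
    char path[] = "/tmp/pcscd-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    chmod(path, S_IRWXO | S_IRWXG | S_IRWXU);  /* mode from the quoted line */
    int before = open_to_others(path);
    int rc = restrict_to_owner_of(path, path); /* self as ref: no root needed */
    int after = open_to_others(path);
    unlink(path);
    return (rc == 0 && before == 1 && after == 0) ? 0 : 1;
}

int main(void)
{
    printf("demo %s\n", demo() == 0 ? "ok" : "failed");
    return 0;
}
```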