Shawn Willden wrote:
> On Tuesday 24 April 2007 02:28:21 pm Timothy J. Miller wrote:
>> This is only true if you're leaving the card in the reader. I would say
>> don't do that; the card should only be inserted when the card is needed
>> for an operation, limiting the window during which malicious code can
>> piggyback an authenticated card session (or start its own).
>
> Also keep in mind that pcscd accepts connections to the reader from any
> process on the machine. If there are any other users on your machine (using
> their own accounts), and the application doesn't open the card in exclusive
> mode and keep it open until you remove the card, then those other users can
> also use your card after you've authenticated to it.
>
> To be safe, don't use a card with important private keys on a multi-user
> machine. Either that or be very sure that your applications grab the card
> and never let go once you've presented the PIN.

When I compiled pcscd and the other parts of the CAC access chain I did not
tell them to be threaded. The result of this is:
if a different app asks to use the card, the new application has to get the
PIN and authenticate to the card again, assuming I continue not messing up my
PIN entry often. Granted, I am the admin of the box and can control such
things on pre-FC6; unfortunately, I suspect that on FC6 Red Hat tried to help us
out and compiled everything with threads.

I could be wrong, but I believe this would also have the effect of denying
other users access to the signing/decrypting (i.e. private) credentials, plus
I should notice something strange if the same application I just gave a PIN to
asks for it again.

It can be a little bit of a pain when reading email, authenticating to a web
page _and_ using ssh[-agent], but I prefer being asked for my PIN for each
_different_ app that needs it. It made me aware that if my CAC is in, then
connection to _ANY_ https site will cause the browser to send credentials (I
wonder if the DoD intended IE to spew credentials everywhere from NMCI :),
which reminds me to deny the PIN for the card when I don't need to CAC the site.

Also, to use the CAC for accessing most of the Navy DoD resources (NMCI's OWA)
from outside of the DoD physically controlled net (i.e. personally owned
computer), I believe we are supposed to read and sign an agreement that
specifies how we will control the computer we are using the CAC from/on.
Making the same assumption as those who create that agreement, which is that
those who signed it have read and will follow the agreement, the computer
should be _reasonably_ secured.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
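
The share-mode behaviour discussed in this thread, as an added example that is not part of the original messages: a constructed in-memory Python model (it does not talk to pcscd) of shared versus exclusive connections and of what happens when the owner lets go of the card. The constant values are those of the PC/SC API; the `Card` and `Handle` classes, the sample PIN, and the assumption that the verified-PIN state stays on the card until it is reset are illustrative.

```python
# Constructed in-memory model of PC/SC share modes; it does not talk to pcscd.
SCARD_SHARE_EXCLUSIVE, SCARD_SHARE_SHARED = 1, 2   # values from the PC/SC API
SCARD_LEAVE_CARD, SCARD_RESET_CARD = 0, 1

class SharingViolation(Exception):
    """Stands in for SCARD_E_SHARING_VIOLATION."""

class Card:
    def __init__(self, pin):
        self._pin = pin
        self.pin_verified = False   # assumption: state lives on the card, not per client
        self.handles = []           # every currently open Handle

class Handle:
    def __init__(self, card, client, mode):
        self.card, self.client, self.mode = card, client, mode

    def verify_pin(self, pin):
        self.card.pin_verified = (pin == self.card._pin)
        return self.card.pin_verified

    def sign(self, data):
        if not self.card.pin_verified:
            raise PermissionError("PIN not verified")
        return f"sig({data}) requested by {self.client}"

    def disconnect(self, disposition):
        self.card.handles.remove(self)
        if disposition == SCARD_RESET_CARD:
            self.card.pin_verified = False  # a reset drops the verified state

def connect(card, client, mode):
    """Model of SCardConnect: any local process may ask for a handle."""
    exclusive_held = any(h.mode == SCARD_SHARE_EXCLUSIVE for h in card.handles)
    if exclusive_held or (mode == SCARD_SHARE_EXCLUSIVE and card.handles):
        raise SharingViolation(client)
    handle = Handle(card, client, mode)
    card.handles.append(handle)
    return handle

def other_user_can_sign(owner_mode, owner_disposition=None):
    """Owner verifies the PIN; a second local user then tries to sign."""
    card = Card(pin="1234")  # constructed sample PIN
    owner = connect(card, "owner", owner_mode)
    owner.verify_pin("1234")
    if owner_disposition is not None:
        owner.disconnect(owner_disposition)  # owner lets go of the card
    try:
        connect(card, "other", SCARD_SHARE_SHARED).sign("doc")
        return True
    except (SharingViolation, PermissionError):
        return False
```
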