On Sat, 2014-01-04 at 21:57 +0100, Ludovic Rousseau wrote:
> > Hello,
> >
> > Indeed smart cards _may_ have some access control method (but they are
> > not required to). The smart card access control currently is very
> > coarse (as I can erase every smart card in the system without any
> > special permissions), and several files on the card like certificates are
> > almost never protected.
> >
> > What the patch ensures is that only admin-authorized processes can talk
> > to the hardware. That means:
> > * Only authorized processes can extract the public information in the
> > card.
> > * Only authorized processes can erase the card.
> > * Only authorized processes can talk to the card firmware (cards may
> > have bugs as any other kind of software).
> >
> > Moreover, authorization policy is tied to the system processes rather
> > than being an external process that depends on the smart card in
> > use. For example, a PIN-enabled smart card can never distinguish a
> > local user from a console one, however polkit policies can.
>
> I am still not convinced that Policy Kit is a good solution for the
> problems you describe.
I agree there may be other solutions such as the ones you suggest below,
but they require changing the hardware. Access control with polkit works
with any smart card and any smart card access control method. Also the
3rd point I make (access to the card firmware) cannot be solved by
additional hardware, but is solved with polkit.

> If the card can be erased or modified without any previous
> authentication (PIN or secure messaging) then that is the problem of the
> card (or card provider).

All the smart cards I ever had can be erased by anyone in the system
using "pkcs15-init -E". So using polkit there will allow the
administrator of the system to define the "anyone" part.

> If you want to prevent a remote user from using a PIN protected card the
> best is to use a pinpad reader with a firewall. The PIN will only be
> entered using the pinpad. Any PIN verification command will be
> rejected by the reader firewall.

Or I can use polkit :) The latter requires no additional hardware and is
already used for access control (to access hard disks) in most systems.

In general, administering a system doesn't always imply selection of the
authenticating tokens. Typically the tokens are fixed and the
administrator tries to make the best use of the system access controls
to prevent misuse. In 99% of the cases a smart card is used
interactively by the person sitting at the PC and currently there is no
way to enforce that.

regards,
Nikos
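As an added illustration of the policy argued for in this reply (not code from the thread, the patch, or pcsc-lite itself): a polkit rules file that lets only a local, active console session talk to the card, wrapped in a constructed stand-in for polkitd's JavaScript API so the rule can be exercised offline. The action ID prefix `org.debian.pcsc-lite.` and the group name `smartcard-admin` are assumptions; the patch under discussion may use different names.

```javascript
// Added example, not code from the thread or from pcsc-lite: a polkit rules
// file expressing the policy argued for above (only a local, active console
// session may talk to the card), plus a constructed stand-in for polkitd's JS
// API so the rule can be exercised offline under Node.

// Constructed stand-in for the object polkitd itself provides to rules files.
// polkit.Result values mirror the real ones; checkAuthorization() applies the
// first rule that returns something other than NOT_HANDLED (null).
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  checkAuthorization(action, subject) {
    for (const rule of this._rules) {
      const result = rule(action, subject);
      if (result !== null && result !== undefined) return result;
    }
    return this.Result.NOT_HANDLED;
  },
};

// This addRule() call is the part that would live in
// /etc/polkit-1/rules.d/50-pcsc.rules. Action IDs are an assumption: they are
// the names later pcsc-lite releases use; the patch under discussion may differ.
polkit.addRule(function (action, subject) {
  if (action.id.indexOf("org.debian.pcsc-lite.") !== 0) {
    return polkit.Result.NOT_HANDLED; // not our action: let other rules decide
  }
  // A PIN cannot tell a console user from a remote one; polkitd can, because
  // it knows the caller's session. Local + active = the person at the PC.
  if (subject.local && subject.active) {
    return polkit.Result.YES;
  }
  // Hypothetical group name: remote or inactive sessions of card admins get an
  // admin-password prompt rather than silent access; everyone else is denied.
  if (subject.isInGroup("smartcard-admin")) {
    return polkit.Result.AUTH_ADMIN;
  }
  return polkit.Result.NO;
});

// Helpers for exercising the rule with constructed subjects (not polkit API).
function makeSubject({ local, active, groups = [] }) {
  return { local, active, isInGroup: (g) => groups.includes(g) };
}
function decide(actionId, subject) {
  return polkit.checkAuthorization({ id: actionId }, subject);
}
```

With real polkitd, an `AUTH_ADMIN` result only succeeds if an authentication agent is available in the caller's session (for example pkttyagent on a terminal); without one the request is simply refused.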