Re: [opensc-devel] OpenCT and limiting us of the reader to the console user only

Thu, 19 Oct 2006 11:44:35 -0700 


Andreas Jellinghaus wrote:


Douglas E. Engert wrote:


Is there any way to have OpenCT limit access to reader devices to
the user logged in at the console?



sure.
chgrp scard /var/run/openct
and configure some pam module for login only,
so it adds the user to group scard.



Ubuntu with openct 0.6.8.ubuntu1 does the
chgrg scard /var/run/openct but does not appear to do anything
with it. It also had groups like cdrom, floppy, audio, scanner.,
and added some users to these groups.


that way only those who used login have group scard and can
use openct, while those using ssh, kdm, whatever can not.



That sounds like pam_console.so. But the best that I can tell, there
is a security hole with this. UserA logs in at console,
and get into group scard. UserA creates a program with setguid bit.
They log off. Later userA logins via the network and are not part
of group scard, then run the setgid program to look at card in reader
from UserB.  (Or something like that, dynamicly adding a user to
a group for a session has problems.)

This is a low risk problem, but it appears that that was one
reason for HAL.




I see the WIKI has some comments about using HAL, and the comment:
"Also so far noone told us why we should change a running system."

Here is one reason:
I would like avoid a user who has logged in over the network from
accessing a card in a reader inserted by the local user.


can be done without udev/hal changes, no issue here I think.


I sent a similiar note to the muscle list asking about PCSC.



sorry, I have little clue about pcsc. maybe ludovic knows?
I guess you can set permissions on the pcsc sockets too.


So has anyone looked at HAL closer for OpenCT? I see it has the
udev files as a start.




I think hal is nice if some application (e.g. your kde desktop icon 
manager) wants to get notification if e.g. a cdrom was inserted or

a usb memory stick was plugged into the usb port. I fail to see how
it helps openct at all.


It looks like it more then the notification, its the ability for the
deamon controlling the device to only allow the user at the console to access
the device. The OpenCT ifdhandler  would have to query hal somehow. But the
hal documentation is hard to find.

Maybe some future addition to OpenCT.



Andreas




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel






















					Reply via email to