Hi Ludovic, Ludovic Rousseau wrote: > On Thu, Apr 3, 2008 at 4:49 PM, Jan Just Keijser <[EMAIL PROTECTED]> wrote: > >> This does raise another interesting question: how session safe is >> pcsc-lite? Right now, all comms are over a single socket /var/run/pcscd.comm >> - how is access control to this socket implemented? Otherwise I could >> envisage a very simple DoS : if more than 1 person is allowed to log onto a >> computer then each person can access the socket and try to access a >> token/smart card until it locks up (most cards will block after N attempts). >> How can a user be protected from this? >> > > This is a FAQ. But I could not find the similar thread on the MUSCLE list. > > As you wrote all communications are over a single socket > /var/run/pcscd.comm. So you just need to use the Unix security > mechanism to restrict the access to this file to users allowed to use > the smart card (create a group smartcard for example). > > This security configuration is left to the local system administrator. > > hmmm it still won't allow security settings on a user basis: suppose I have 2 devices plugged into a single machine .. then either the user( s ) can access both cards or none of them...
cheers, JJK _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
