2014-07-07 14:24 GMT+02:00 Stefani Seibold <[email protected]>: > Hi,
Hello, > this patch fix a small security and usability problem for pcsc-lite > client connections by adding a SOCK_CLOEXEC to the socket() call. > > An application which use the pcsc-lite should never pass the socket file > descriptor to its child processes. This make no sense, since the child > have no idea what to do with the handle. I agree. It makes no sense for the child to have this handle. Why do you think this is a security issue? If the parent process is doing something secure then it should call SCardDisconnect() on all the PC/SC contexts it has opened. > It will also fix a usability issue. Imaging the process will start a > long running child (for example a daemon) and then the process will be > terminated. Once the process will be restarted it can not access the > smartcard since the daemon will still have the file descriptor open. I don't follow you here. Can you provide a sample code with such a problem? Or provide a more detailed example? Bye -- Dr. Ludovic Rousseau _______________________________________________ Pcsclite-muscle mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
