Package: pcscd
Version: 1.8.24-1
Severity: normal

Dear Maintainer,

pcscd currently runs as root. This is a security risk (as pointed out in the SECURITY file shipped with pcscd). It was previously fixed in Bug #606142 and regressed back to root when systemd support was added (setgid was removed in 798d03c).

Is there a reason that pcscd needs to run as root, rather than a normal user with access to the necessary device files? If so, could the rationale be documented in the SECURITY file? If not, what would be required to run as a non-root user and would you accept patches that make the necessary changes?

Thanks,
Kevin

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.1.2 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pcscd depends on:
ii  libc6                       2.28-10
ii  libccid [pcsc-ifd-handler]  1.4.30-1
ii  libpcsclite1                1.8.24-1
ii  libsystemd0                 241-5
ii  libudev1                    241-5
ii  lsb-base                    10.2019051400

pcscd recommends no packages.

Versions of packages pcscd suggests:
ii  systemd  241-5

-- no debconf information