Le 14/06/2019 à 21:43, Ludovic Rousseau a écrit :
Le 14/06/2019 à 18:02, Kevin Locke a écrit :
Package: pcscd
Version: 1.8.24-1
Severity: normal
Dear Maintainer,
Hello Kevin,
pcscd currently runs as root. This is a security risk (as pointed out
in the SECURITY file shipped with pcscd). It was previously fixed in
Bug #606142 and regressed back to root when systemd support was added
(setgid was removed in 798d03c).
Is there a reason that pcscd needs to run as root, rather than a normal
user with access to the necessary device files? If so, could the
rationale be documented in the SECURITY file? If not, what would be
required to run as a non-root user and would you accept patches that
make the necessary changes?
You are completely right.
It is a known task on my TODO list. See
https://salsa.debian.org/rousseau/PCSC/issues/10
The issue https://salsa.debian.org/rousseau/PCSC/issues/10 was about
restricting pcscd accesses using systemd hardening.
This issue is fixed in the latest release 2.3.2.
https://blog.apdu.fr/posts/2025/03/new-version-of-pcsc-lite-232/
But pcscd is still running as root.
The next step is to run pcscd as a normal user.
This change is on my todo list.
Bye, and thank you for your patience
--
Dr. Ludovic Rousseau
