[Pcsclite-muscle] [PATCH] pcsc-lite & polkit: allow auth_admin

Nikos Mavrogiannopoulos nmav
Thu Dec 4 05:59:18 PST 2014


On Thu, 2014-12-04 at 11:19 +0100, Ludovic Rousseau wrote:
> 2014-12-04 9:36 GMT+01:00 Nikos Mavrogiannopoulos <nmav at redhat.com>:
> > ----- Original Message -----
> >
> >> Possible problem: If the authorization agent is present and active,
> >> polkit_authority_check_authorization_sync() could take a long time (the
> >> time of users' response). If the next request comes in the same time, it
> >> is postponed until the previous one is handled. (Actions done by root
> >> are not postponed.)
> >
> > Indeed, and that is the reason it is disabled. I found that unacceptable for
> > a server that can serve multiple requests. A client can always authenticate
> > as admin using su, and then use pcscd.
> 
> Should I revert the patch?

The drawback of that approach is that each accept()ed session will be blocked
until the password is entered and sent by the user. If the user goes for lunch
without entering a password that session will be blocked from processing any
other requests. I cannot predict how that would affect typical pcscd usage.
I think that it would be better for that change to be combined with using polkit
asynchronously.

regards,
Nikos





