[Pcsclite-muscle] [PATCH] pcsc-lite & polkit: allow auth_admin
Nikos Mavrogiannopoulos
nmav
Thu Dec 4 05:59:18 PST 2014
On Thu, 2014-12-04 at 11:19 +0100, Ludovic Rousseau wrote:
> 2014-12-04 9:36 GMT+01:00 Nikos Mavrogiannopoulos <nmav at redhat.com>:
> > ----- Original Message -----
> >
> >> Possible problem: If the authorization agent is present and active,
> >> polkit_authority_check_authorization_sync() could take a long time (the
> >> time of users' response). If the next request comes in the same time, it
> >> is postponed until the previous one is handled. (Actions done by root
> >> are not postponed.)
> >
> > Indeed, and that is the reason it is disabled. I found that unacceptable for
> > a server that can serve multiple requests. A client can always authenticate
> > as admin using su, and then use pcscd.
>
> Should I revert the patch?
The drawback of that approach is that each accept()ed session will be blocked
until the password is entered and sent by the user. If the user goes for lunch
without entering a password that session will be blocked from processing any
other requests. I cannot predict how that would affect typical pcscd usage.
I think that it would be better for that change to be combined with using polkit
asynchronously.
regards,
Nikos
More information about the pcsclite-muscle
mailing list