[Pcsclite-muscle] Delegate WinSCard calls to another library (for a RDP server for example)

Ludovic Rousseau ludovic.rousseau at gmail.com
Mon Apr 1 09:40:22 PDT 2024


Hello,

While reading the FAQ about the xz-utils backdoor I discovered a GNU
mechanism: IFUNC.
https://sourceware.org/glibc/wiki/GNU_IFUNC
https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Function-Attributes.html#index-g_t_0040code_007bifunc_007d-function-attribute-3095

That may be a good tool to avoid a function redirection.
But maybe that is too complex and too restricted to GNU to be used.

Comments? Ideas?

Bye

Le ven. 22 mars 2024 à 23:17, Ludovic Rousseau
<ludovic.rousseau at gmail.com> a écrit :
>
> Hello,
>
> I have not received many contributions.
>
> Some people added comments in https://github.com/LudovicRousseau/PCSC/issues/161
> Thank you for that.
>
> If you think that adding support of LIBPCSCLITE_DELEGATE is a bad idea
> then please explain.
> I have not yet added the code in the official pcsc-lite.
> I think it will help the support of smart cards by RDP servers running
> on Unix. And that is not a (new) security issue.
> But you may think differently.
>
> Bye
>
> Le ven. 15 mars 2024 à 22:59, Ludovic Rousseau
> <ludovic.rousseau at gmail.com> a écrit :
> >
> > Hello,
> >
> > I am working on a new idea for pcsc-lite: Delegate WinSCard calls to
> > another library
> >
> > The application will call SCardEstablishContext() (for example) as
> > before but the call is not directly sent to libpcsclite.so.1. Instead
> > we have a intermediate library that can redirect the call somewhere
> > else.
> >
> > Use cases:
> > - the other library can be libpcscspy.0.dylib to generate a debug
> > trace (simpler use for
> > https://blog.apdu.fr/posts/2022/06/pcsc-api-spy-update/)
> > - the other library can be libpcsclite-xrdp.so.0 to redirect the PC/SC
> > calls to the RDP server and then to the RDP client
> > - something else. I am interested in reading your other ideas
> >
> > The redirection is done by defining the environment variable
> > LIBPCSCLITE_DELEGATE before running the PC/SC application.
> >
> > To avoid security problems the variable LIBPCSCLITE_DELEGATE is
> > ignored if the process is run as root. The default library (real
> > libpcsclite) is used instead.
> >
> > You can have more details and a discussion in
> > https://github.com/LudovicRousseau/PCSC/issues/161
> >
> > What do you think?
> > Should I change something?
> > Ideas? comments?
> >
> > Thanks
> >
> > --
> >  Dr. Ludovic Rousseau
>
>
>
> --
>  Dr. Ludovic Rousseau



-- 
 Dr. Ludovic Rousseau



More information about the pcsclite-muscle mailing list