[Pcsclite-muscle] (possible) evolutions of pcsc-lite and libccid
Ludovic Rousseau
ludovic.rousseau at gmail.com
Thu May 9 04:21:23 PDT 2024
Hello,
Here are some ideas for possible evolutions of pcsc-lite.
The move from autoconf/automake to meson was an initial step into other changes.
systemd sandbox
==============
Now that the serial support is disabled (by default) we only have to
deal with USB readers.
It should be possible to use systemd to limit the access rights of
pcscd to avoid running as root.
pcscd should only need to access the USB devices.
See "Use systemd to restrict pcscd rights"
https://salsa.debian.org/rousseau/PCSC/-/issues/10
Or "pcscd: Runs with possibly unnecessary privileges"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530
udev rule
=======
A udev rule could be used to change the access rights of the smart
card reader devices so it can be opened by a normal (i.e. non root)
process (pcscd).
USB bus scanning
===============
Another idea is to avoid a new USB bus scanning in the CCID driver to
find the device to use.
See '"Open the device in pcscd and give the file descriptor to the
driver" https://salsa.debian.org/rousseau/PCSC/-/issues/20
and "Use libusb_wrap_sys_device() and avoid rescanning the USB bus"
https://salsa.debian.org/rousseau/CCID/-/issues/11
I don't know when all these features will be ready.
Some of them have been on the TODO list for over 10 years :-)
If you have other ideas please share them.
Regards,
--
Dr. Ludovic Rousseau
More information about the pcsclite-muscle
mailing list