[Pcsclite-git-commit] [PCSC] 05/05: pcscd: do not check the process is setuid to limit rights
Ludovic Rousseau
rousseau at moszumanska.debian.org
Thu Aug 25 15:39:44 UTC 2016
This is an automated email from the git hooks/post-receive script.
rousseau pushed a commit to branch master
in repository PCSC.
commit 00c5acb113b5b96226f6d791da6ee6e31c948137
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date: Tue Aug 23 19:13:50 2016 +0200
pcscd: do not check the process is setuid to limit rights
pcscd is no longer installed as setuid or setgid to allow auto start.
"Configuring your system for pcscd auto-start"
https://ludovicrousseau.blogspot.fr/2010/12/configuring-your-system-for-pcscd-auto.html
pcscd is now started on demand as root by systemd
"pcscd auto start using systemd"
https://ludovicrousseau.blogspot.fr/2011/11/pcscd-auto-start-using-systemd.html
It is no longer necessary to check that pcscd is setuid/setgid to limit its
possibilities.
The change was made in cac146d23b899c46e9db7f6409a905e115ef921f (Aug 16
2010) and is not reverted.
---
src/pcscdaemon.c | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/src/pcscdaemon.c b/src/pcscdaemon.c
index 6803b67..1e5df53 100644
--- a/src/pcscdaemon.c
+++ b/src/pcscdaemon.c
@@ -264,7 +264,6 @@ int main(int argc, char **argv)
int customMaxReaderHandles = 0;
int customMaxThreadCardHandles = 0;
int opt;
- int limited_rights = FALSE;
int r;
#ifdef HAVE_GETOPT_LONG
int option_index = 0;
@@ -318,9 +317,6 @@ int main(int argc, char **argv)
*/
DebugLogSetLogType(DEBUGLOG_SYSLOG_DEBUG);
- /* if the process is setuid or setgid it may have some restrictions */
- limited_rights = (getgid() != getegid()) && (getuid() != 0);
-
/*
* Handle any command line arguments
*/
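Review bot: the removed expression `(getgid() != getegid()) && (getuid() != 0)` only ever detected a setgid install, not a setuid one, despite what its comment said, and with it gone nothing in main() notices if a packager or a stale install still carries the setuid/setgid bit. Since the option handling below now trusts the caller unconditionally, consider failing closed at startup instead: log at PCSC_LOG_CRITICAL and return EXIT_FAILURE when getuid() != geteuid() or getgid() != getegid(), so that an unexpected privileged install refuses to run rather than silently accepting -c and -a.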
@@ -338,11 +334,6 @@ int main(int argc, char **argv)
break;
#endif
case 'c':
- if (limited_rights)
- {
- Log1(PCSC_LOG_CRITICAL, "Can't use a user specified config file");
- return EXIT_FAILURE;
- }
Log2(PCSC_LOG_INFO, "using new config file: %s", optarg);
newReaderConfig = optarg;
break;
@@ -381,11 +372,6 @@ int main(int argc, char **argv)
return EXIT_SUCCESS;
case 'a':
- if (limited_rights)
- {
- Log1(PCSC_LOG_CRITICAL, "Can't log APDU (restricted)");
- return EXIT_FAILURE;
- }
(void)DebugLogSetCategory(DEBUG_CATEGORY_APDU);
break;
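Review bot: in case 'a', APDU logging is now enabled for any invocation, while the removed message "Can't log APDU (restricted)" shows it was previously treated as a privileged operation, and the log type set earlier in main() is DEBUGLOG_SYSLOG_DEBUG. A short comment here, or a line in the option's documentation, stating that APDU traces go to the log and that the option relies on pcscd being started only by root would record why the guard could be dropped.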
@@ -397,24 +383,18 @@ int main(int argc, char **argv)
case 't':
customMaxThreadCounter = optarg ? atoi(optarg) : 0;
- if (limited_rights && (customMaxThreadCounter < PCSC_MAX_CONTEXT_THREADS))
- customMaxThreadCounter = PCSC_MAX_CONTEXT_THREADS;
Log2(PCSC_LOG_INFO, "setting customMaxThreadCounter to: %d",
customMaxThreadCounter);
break;
case 'r':
customMaxReaderHandles = optarg ? atoi(optarg) : 0;
- if (limited_rights && (customMaxReaderHandles < PCSC_MAX_READER_HANDLES))
- customMaxReaderHandles = PCSC_MAX_READER_HANDLES;
Log2(PCSC_LOG_INFO, "setting customMaxReaderHandles to: %d",
customMaxReaderHandles);
break;
case 's':
customMaxThreadCardHandles = optarg ? atoi(optarg) : 0;
- if (limited_rights && (customMaxThreadCardHandles < PCSC_MAX_CONTEXT_CARD_HANDLES))
- customMaxThreadCardHandles = PCSC_MAX_CONTEXT_CARD_HANDLES;
Log2(PCSC_LOG_INFO, "setting customMaxThreadCardHandles to: %d",
customMaxThreadCardHandles);
break;
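Review bot: in cases 't', 'r' and 's' the result of atoi(optarg) is now stored with no range check of any kind; atoi gives 0 for non-numeric input and accepts negative numbers, and the removed lines were the only place in this hunk where a floor (PCSC_MAX_CONTEXT_THREADS, PCSC_MAX_READER_HANDLES, PCSC_MAX_CONTEXT_CARD_HANDLES) was applied. Consider parsing with strtol, rejecting trailing garbage and values below 1, and returning EXIT_FAILURE on a bad value, so a typo on the command line cannot leave the daemon with a zero or negative limit.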
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/PCSC.git