[pkg-wpa-devel] Bug#591151: libpcsclite1: depends on pcscd which is priority: extra

[Ludovic Rousseau]

2010/8/4 Jonathan Nieder <jrnieder at gmail.com>:
> Speaking of which, from a naïve point of view it is not clear
> why wpasupplicant would need this.

wpasupplicant can be used with a smart card, so the use of libpcsclite.

> Kel, would it be appropriate for wpasupplicant to avoid a strict
> dependency on libpcsclite, by using dlopen() maybe?  (Note I am only
> asking if it would be appropriate; the actual work would fall on the
> shoulders of people with an interest in that happening.)

That would be a solution.
But using a smart card may/would need more configuration.

> Ludovic, would it be appropriate for libpcsclite to avoid a strict
> dependency on pcscd and get the latter installed where appropriate
> some other way (e.g., the desktop task)?  I would like to see it
> made easier to remove pcscd on systems because worrying about such
> setuid binaries is an unnecessary administration hassle.

libpcsclite can't be used without pcscd. Or you will just get failures.

The link between libpcsclite was just a Recommends: because some
people complained that a daemon was running when pcscd is installed
even if they do not use smart cards.
Starting with pcsc-lite 1.6.0 the daemon is started on request only.
So I changed the link from Recommends: to Depends:
But you are right that now the daemon is now suid root.

If having a setuid root deamon is a problem you have different options:
1- remove the suid bit and pcscd will not be usable
2- remove the suid bit but start the daemon as root at startut (see
/etc/init.d/pcscd script)
3- use a more complex configuration with a sgid bit to a group (say
scard) and give access to the smart card USB readers to the scard
group (using udev rules).

Option 3 is a bit complex so I let the local administrator decide if
that is what he wants to do/maintain.

Bye

-- 
 Dr. Ludovic Rousseau