2010/8/4 Jonathan Nieder <[email protected]>: > Speaking of which, from a naïve point of view it is not clear > why wpasupplicant would need this.
wpasupplicant can be used with a smart card, so the use of libpcsclite. > Kel, would it be appropriate for wpasupplicant to avoid a strict > dependency on libpcsclite, by using dlopen() maybe? (Note I am only > asking if it would be appropriate; the actual work would fall on the > shoulders of people with an interest in that happening.) That would be a solution. But using a smart card may/would need more configuration. > Ludovic, would it be appropriate for libpcsclite to avoid a strict > dependency on pcscd and get the latter installed where appropriate > some other way (e.g., the desktop task)? I would like to see it > made easier to remove pcscd on systems because worrying about such > setuid binaries is an unnecessary administration hassle. libpcsclite can't be used without pcscd. Or you will just get failures. The link between libpcsclite was just a Recommends: because some people complained that a daemon was running when pcscd is installed even if they do not use smart cards. Starting with pcsc-lite 1.6.0 the daemon is started on request only. So I changed the link from Recommends: to Depends: But you are right that now the daemon is now suid root. If having a setuid root deamon is a problem you have different options: 1- remove the suid bit and pcscd will not be usable 2- remove the suid bit but start the daemon as root at startut (see /etc/init.d/pcscd script) 3- use a more complex configuration with a sgid bit to a group (say scard) and give access to the smart card USB readers to the scard group (using udev rules). Option 3 is a bit complex so I let the local administrator decide if that is what he wants to do/maintain. Bye -- Dr. Ludovic Rousseau -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
