On Wed, 4 Sep 2024 18:14:56 -0500 Kyle Evans <kev...@freebsd.org> wrote:
> On 9/4/24 17:58, Jan Behrens wrote: > > I think I may have found the problem. If I'm right, it is an issue of > > pcsc-lite in combination with FreeBSD. > > > > Looking into pcsc-lite's file "src/auth.c", we find: > > > > #if defined(HAVE_POLKIT) && defined(SO_PEERCRED) > > ... > > > > [...] > > > > See: > > https://github.com/LudovicRousseau/PCSC/blob/da69dda356dc79300a997631f94efed7190d30a6/src/auth.c#L54 > > > > If I'm not mistaken, SO_PEERCRED is not set by the build system and it > > is not defined on FreeBSD (but only on Linux). Then pcsc-lite defaults > > to simply assume that any client is always authorized. Not good. > > > > I wasn't able to get the build working, so maybe someone can check if > > my guess is correct. > > > > Kind regards, > > Jan Behrens > > > > Right, that'd be a problem. Something like this might work, but I > haven't even build tested it: > > https://people.freebsd.org/~kevans/pcsc-auth.diff > > It could be cleaned up a little bit if it works. > > Thanks, > > Kyle Evans > While that would fix things for FreeBSD, I still think it's not a good idea to default to "always grant access" when a C macro is missing. This could lead to unnoticed security vulnerabilities on other platforms as well. Maybe a better approach would be to make pcscd refuse to startup without --disable-polkit on those platforms where Polkit or socket authentication is not available/implemented. (And also add the fixes for FreeBSD like you suggested, so this does not apply to FreeBSD.) Regards Jan
