Bug 1076440 - Access control in PCSC
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Assigned To: Jaroslav Reznik
Pete Travis
Reported: 2014-03-14 07:08 EDT by Jaroslav Reznik
Modified: 2014-12-08 10:22 EST
Doc Type: Bug Fix
Last Closed: 2014-12-08 10:22:17 EST
nmavrogi: fedora_requires_release_note+

Description Jaroslav Reznik 2014-03-14 07:08:48 EDT
This is a tracking bug for Change: Access control in PCSC
For more details, see: http://fedoraproject.org//wiki/Changes/PcscAccessControl

Add access control to PC/SC smart cards available in the system.
Adding access control would (a) prevent unauthorized processes/users from reading data on a smart card, (b) prevent unauthorized processes/users from erasing a smart card, and (c) prevent unauthorized processes/users from talking to the smart card firmware.
Comment 1 Nikos Mavrogiannopoulos 2014-06-03 07:34:03 EDT
Proposed text for the release notes:

The PCSC daemon in Fedora 21 allows for fine-grained access control to smart cards that is tied to the system processes rather than solely depending on the smart card controls. That is, the polkit framework is being used to decide access to the smart card.

In addition, a default policy file is shipped with Fedora that restricts access to smart cards in a system to the console users and the administrator only.
The shipped policy can be modified by editing the file at /usr/share/polkit-1/actions/org.debian.pcsc-lite.policy.

Additional documentation on the PCSC policies is provided in /usr/share/doc/pcsc-lite/README.polkit.
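
A local polkit rule that tightens the policy described in the proposed release-note text, as an added example that is not part of this bug report or of pcsc-lite. It assumes the two action ids and the "reader" detail that pcsc-lite passes to polkit; the group name, reader name and the file name /etc/polkit-1/rules.d/30-pcsc-local.rules are hypothetical.

```javascript
// Added example, not shipped by Fedora or pcsc-lite.
// Hypothetical location: /etc/polkit-1/rules.d/30-pcsc-local.rules
// Assumed from pcsc-lite's polkit integration: the two action ids below and
// the "reader" detail attached to access_card requests.
var ACCESS_PCSC = "org.debian.pcsc-lite.access_pcsc"; // connect to pcscd
var ACCESS_CARD = "org.debian.pcsc-lite.access_card"; // talk to a card in a reader

// Hypothetical site policy values.
var ALLOWED_GROUP = "smartcard";
var ALLOWED_READERS = ["Example Reader 00 00"];

// Under polkitd the global `polkit` exists; the fallback only lets the
// decision function be exercised outside polkitd (for example under Node).
var Result = (typeof polkit !== "undefined")
    ? polkit.Result
    : { YES: "yes", NO: "no", NOT_HANDLED: "not-handled" };

function pcscRule(action, subject) {
    // Leave every non-pcsc-lite action to the other rules and the defaults.
    if (action.id !== ACCESS_PCSC && action.id !== ACCESS_CARD) {
        return Result.NOT_HANDLED;
    }
    // Require a local, active (console) session and group membership,
    // which is stricter than "any console user".
    var onConsole = subject.local && subject.active;
    if (!onConsole || !subject.isInGroup(ALLOWED_GROUP)) {
        return Result.NO;
    }
    // Card access is additionally limited to allowlisted readers.
    if (action.id === ACCESS_CARD &&
        ALLOWED_READERS.indexOf(action.lookup("reader")) === -1) {
        return Result.NO;
    }
    return Result.YES;
}

if (typeof polkit !== "undefined") {
    polkit.addRule(pcscRule);
}
```
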
Comment 2 Jaroslav Reznik 2014-07-04 06:29:58 EDT
Thank you for providing release notes text. Documentation team will collect it - this time we don't have a dedicated release notes bug because of the overhead with 3 changes tracking bugs.
Comment 3 Jaroslav Reznik 2014-07-04 06:43:36 EDT
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 [1].

At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze.

This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reason, your Change is not in the required state, let me know and we will try to find a solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon.

In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.

[1] https://fedoraproject.org/wiki/Releases/21/Schedule
Comment 4 Pete Travis 2014-07-08 22:25:48 EDT
Nikos, for this of course we'll cover your Change in the release notes, but setting the flag to + is much like a package review submitter setting the review+ flag on their own submission rather than the reviewer; Docs will set fedora_requires_release_note+ to communicate to you that yes, we see your flag and yes, we agree that this should get documented in the release notes.

Anyway, I'll be reading up on this and may have some follow-up questions.
Comment 5 Pete Travis 2014-09-23 01:06:56 EDT
I posted your copy to https://fedoraproject.org/wiki/Documentation_Security_Beat#More_secure_Smart_Card_support - thanks again, Nikos.
Comment 6 Nikos Mavrogiannopoulos 2014-10-01 09:37:21 EDT
The project is substantially testable as of Fedora 21 Alpha TC4.
