Red Hat Bugzilla – Bug 1076440
Access control in PCSC
Last modified: 2014-12-08 10:22:17 EST
This is a tracking bug for Change: Access control in PCSC
For more details, see: http://fedoraproject.org//wiki/Changes/PcscAccessControl
Add access control to PC/SC smart cards available in the system.
Adding access control would (a) prevent unauthorized processes/users from reading data on a smart card,
(b) prevent unauthorized processes/users from erasing a smart card, (c) prevent unauthorized processes/users from talking to the smart card firmware
Proposed text for the release notes:
The PCSC daemon in Fedora 21 allows for fine grained access control to smart cards that is tied to the system processes rather than solely depending on
the smart card controls. That is the polkit framework is being used to decide access on the smart card.
In addition a default policy file is shipped with Fedora that restricts access to smart cards in a system to the console users and the administrator only.
The shipped policy can be modified by editing the file at /usr/share/polkit-1/actions/org.debian.pcsc-lite.policy.
Additional documentation on the PCSC policies is provided in /usr/share/doc/pcsc-lite/README.polkit
thank you for providing release notes text. Documentation team will collect it - this time we don't have dedicated release notes bug because of the overhead with 3 changes tracking bugs.
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 .
At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze.
This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon.
In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.
Nikos, for this of course we'll cover your Change in the release notes, but setting the flag to + is much like a package review submitter setting the review+ flag on their own submission rather than the reviewer; Docs will set fedora_requires_release_note+ to communicate to you that yes, we see your flag and yes, we agree that this should get documented in the release notes.
Anyway, I'll be reading up on this and may have some follow-up questions.
I posted your copy to https://fedoraproject.org/wiki/Documentation_Security_Beat#More_secure_Smart_Card_support - thanks again, Nikos.
The project is substantially testable as of Fedora 21 Alpha TC4.