On 10/13/20 12:22 PM, Marius Schwarz wrote:
Am 12.10.20 um 15:55 schrieb Nikos Mavrogiannopoulos:
On Fri, Oct 9, 2020 at 4:16 PM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote:
Am 09.10.20 um 13:18 schrieb Nikos Mavrogiannopoulos:
LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu
--color | tee log.txt
This the unchanged output:
00492770 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 (user: 1001) is NOT authorized for action: access_pcsc
^^^
What's this process? (you'll need to figure in your current system)
captured with a brute force watch ps auxf >> log
marius 5396 0.0 0.5 535000 10360 ? Ssl 03:34 0:00 \_
/usr/libexec/gsd-smartcard
btw. Boxen seems to simulate a reader:
ccid_usb.c:659:OpenUSBByName() Found Vendor/Product: 08E6/4433 (Gemalto
Gemplus USB SmartCard Reader 433-Swap)
Yeah, this is the virtual smart card driver, which is enabled if you
configure your vm/remote-viewer to do so. Not sure if this is by default.
which changes the behaviour without altering the policy.
I will repeat it with a real device.
** Surprise **
Today, it does not show the requester at all. Not on Boxen, not on the
real hw device I tested it last week with.
But, the error message appears and several processes lite it up:
2x /usr/libexec/gsd-smartcard
!!! 48x /usr/libexec/gstreamer-1.0/gst-plugin-scanner -l
/usr/bin/gjs-console
The policy file was untouched, the image was the same as last week, the
device is the same as last week. Is there any OTA shenanigans at work?
I mean, 2 devices tested on several days over the last week, and all
produce the same message and than, a week later, with an unalterted
ISOIMAGE it does no longer happen??? Something is very suspicious here!
Whether virtual smart card and reader is created depends on the VM
configuration & remote-viewer configuration. Did you update/change that
in your client system?
Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
