From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 15 Feb 2014 15:36:16 -0500
Subject: [refpolicy] Restricting access to pcscd socket
In-Reply-To: <1392407241-18492-1-git-send-email-aranea@aixah.de>
References: <1392407241-18492-1-git-send-email-aranea@aixah.de>
Message-ID: <52FFCFC0.8030407@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 2/14/2014 2:47 PM, Luis Ressel wrote:
> The policy grants the right to access the pcscd socket (PC/SC daemon, a daemon
> for accessing smartcards) to some domains which rarely need it: xguest_t,
> mozilla_plugin_t and kerberos users (through kerberos_use()). While there are
> use cases which require this access, most do not, and access to a smartcard is
> something rather critical. Therefore I propose to make this permission a
> tunable.
>
> There are some other domains which are granted this access (openct_t,
> certmonger_t, certwatch_t, and after my last patch also gpg_agent_t), but they
> are specifically crypto-related and should be well-protected, so I decided to
> leave their permissions unconditional. (Sure, kerberos is also crypto-related,
> but in that policy, the right is granted to any application using kerberos, not
> only a separate process.)
>
> What do you think?

Typically I would take something like this. Conditionally making the policy
stricter is usually a good thing. I'm not so sure that it makes sense here.
It doesn't seem like it buys much.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
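For readers unfamiliar with how a refpolicy tunable is expressed, the following is an added illustration of the change Luis proposes, written for this note and not taken from the thread or from the refpolicy tree. It assumes that pcscd_stream_connect() is the refpolicy interface granting connect access to the pcscd socket and that xguest.te calls it unconditionally today; the boolean name xguest_use_pcscd is a hypothetical placeholder.

```m4
# Added example, not from the refpolicy tree or the thread.
# Assumptions: pcscd_stream_connect() is the interface that grants access to
# the pcscd socket; xguest_use_pcscd is a placeholder boolean name.

## Before: xguest_t can always reach the smartcard daemon.
optional_policy(`
	pcscd_stream_connect(xguest_t)
')

## After: the same access, gated behind a boolean that defaults to off.
## The <desc> block is refpolicy's convention for documenting a tunable.
## <desc>
## <p>
## Allow the xguest user domain to access smartcards through pcscd.
## </p>
## </desc>
gen_tunable(xguest_use_pcscd, false)

optional_policy(`
	tunable_policy(`xguest_use_pcscd',`
		pcscd_stream_connect(xguest_t)
	')
')
```

With the boolean off, a compromised xguest_t process that tries to open the pcscd socket produces an AVC denial instead of a session with the card reader, which is both the containment and the audit signal the proposal is after; an administrator who actually needs smartcard login for that user enables it with setsebool -P xguest_use_pcscd on and can confirm the state with getsebool. Chris's objection above is about whether the gain is worth the extra boolean, not about the mechanics.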