main/pcsc-lite: socket is world-writeable by default
With the default settings, pcscd
creates a world-writable socket:
> ls -ld /run/pcscd /run/pcscd/pcscd.comm
drwxr-xr-x 2 pcscd pcscd 80 Sep 21 18:32 /run/pcscd
srw-rw-rw- 1 pcscd pcscd 0 Sep 21 18:32 /run/pcscd/pcscd.comm
This lets any user (including nobody
) operate with local smart card devices.
Permissions for the socket should likely be 660
by default?