'Re: PCSC security'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-smartcardddk
Subject:    Re: PCSC security
From:       Klaus Schutz <kschutz () MICROSOFT ! COM>
Date:       1998-06-23 16:24:00
[Download RAW message or body]


You don't need to implement sharing in your NT4 driver.
The CP8 example just makes a difference between the checked and
the free version. In the checked version sharing is
possible for testing purposes, but in the free version
sharing is not possible.

Please, take a look at the function CP8CreateDevice()
which calls IoCreateDevice() with the 'Exclusive' parameter
set to FALSE in the checked version and TRUE in the free version.

Klaus U. Schutz
Microsoft Corp.

-----Original Message-----
From: Mika Penttilä [mailto:mpenttil@CC.HUT.FI]
Sent: Monday, June 22, 1998 10:24 PM
To: SmartCardDDK@DISCUSS.MICROSOFT.COM
Subject: Re: PCSC security


The story is that we are developing an IFD for
our serial reader. The code is based on the Bull CP8 DDK
sample code, which doesn't do anything to set up sharing
while processing IRP_MJ_CREATE. So i assumed this
is the expected behaviour. Shoudn't there be something like
SmartcardCreateClose in the smclib so not every
IFD had to implement sharing by itself.

--Mika Penttila
Setec Oy

-----Original Message-----
From: Klaus Schutz <kschutz@MICROSOFT.COM>
To: SmartCardDDK@DISCUSS.MICROSOFT.COM <SmartCardDDK@DISCUSS.MICROSOFT.COM>
Date: 22. kesäkuuta 1998 18:45
Subject: Re: PCSC security


>This is a bug of the smart card reader driver, not the resource
>manager. The reader driver must refuse multiple connections.
>What driver is this?
>
>Klaus U. Schutz
>Microsoft
>
>-----Original Message-----
>From: Mika Penttilä [mailto:mpenttil@CC.HUT.FI]
>Sent: Monday, June 22, 1998 7:25 AM
>To: SmartCardDDK@DISCUSS.MICROSOFT.COM
>Subject: PCSC security
>
>
>Hi!
>I have noticed that if one uses RM API function SCardConnect with
>the SCARD_SHARE_EXCLUSIVE parameter, you can still open
>SCReader0 device and use it wiht the ioctl interface (which is of course
>natural). The RM seems to block another RM user with SCARD_SHARE_EXCLUSIVE
>access. Wouldn't it be more logical if IFD (or smclib) managed sharing so
>it wouldn't be possible to bypass RM via the ioctl interface and
>cause severe security problems.
>
>Mika Penttila
>Mika.Penttila@setec.fi
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic