* [Qemu-devel] [PATCH v2 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds
@ 2013-09-11 13:59 Ray Strode
0 siblings, 0 replies; only message in thread
From: Ray Strode @ 2013-09-11 13:59 UTC (permalink / raw)
To: qemu-devel; +Cc: Alon Levy, Michael Tokarev, Robert Relyea
This updated patch series includes Reviewed-By lines from Alon Levy and Robert Relyea,
and also improves the accuracy of the second commit message. This set should be ready to merge.
Back story is that I started writing a blog post about virtualized smartcards here:
https://blogs.gnome.org/halfline/2013/09/08/another-smartcard-post/
and while testing what I was writing I noticed an invalid PIN worked when it
shouldn't have. It turns out that typing a valid PIN once in one program in the
guest, is enough to make all future programs in the guest ask for the PIN to
succeed regardless of what gets typed in for the PIN.
I did some digging through the libcacard code, and noticed it uses the
NSS PK11_Authenticate function which calls a function that has this comment above it:
If we're already logged in and this function is called we
will still prompt for a password, but we will probably succeed
no matter what the password was.
Also, PK11_Authenticate short-circuits to an early "return SECSuccess" if the token
is already logged in.
The two patches in this series attempt to correct this problem by calling PK11_Logout.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-09-11 14:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-11 13:59 [Qemu-devel] [PATCH v2 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds Ray Strode
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).