From 8368731ae4b59bcd8f0c9b2b34e64cb137121388 Mon Sep 17 00:00:00 2001
From: okir <okir@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Tue, 21 Oct 2003 08:32:17 +0000
Subject: [PATCH] - disallow UPDATE on the Application DF

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1546 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs15init/etoken.profile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pkcs15init/etoken.profile b/src/pkcs15init/etoken.profile
index 923db690..b6f81a33 100644
--- a/src/pkcs15init/etoken.profile
+++ b/src/pkcs15init/etoken.profile
@@ -31,6 +31,10 @@ filesystem {
         DF PKCS15-AppDF {
 	    size		= 2048;
 
+	    # Prevent unauthorized updates of basic security
+	    # objects via PUT DATA OCI.
+	    ACL			= UPDATE=NEVER;
+
 	    # Bump the size of the EF(PrKDF) - with split
 	    # keys, we may need a little more room.
 	    EF PKCS15-PrKDF {