Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Linux Reads Password and Firefox Profile

Posted by samzenpus on from the to-send-better-ads dept.

mrcgran writes "Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files."

4 of 335 comments (clear)

  1. I am not suprised by figleaf · · Score: 4, Interesting

    We already knows that Skype records a lot of other information including your BIOS : http://www.pagetable.com/?p=27

  2. Re:Why.. by mikkelm · · Score: 4, Interesting

    Well, obviously it also only took one person to discover the same in a closed source application.

    Of course it would be easier to see the hows and whys in an open source application, but once you know, you know, and that's really at the core of the matter.

  3. Re:Why.. by optimus2861 · · Score: 4, Interesting

    Imagine this had been an Open Source product for a minute... instead of an article just saying that it read /etc/ files, it would have said this part of the code reads the files, this is why it is necessary, or here is a patch to stop it from doing this.

    Interesting you should say that - did you read the linked thread on the Skype forum? Here's a later post (emphasis added):

    i was a bit curious and tried strace on a few internet/network programs. it seems programs like skype, gaim, and perhaps other chat software all look in /etc/ passwd
    Pidgin nee Gaim is GPL. A quick search on one of its mailing lists shows no useful hits for /etc/passwd. A later comment on this thread shows that something as innocuous as an ls command will trigger reads of /etc/passwd. Sounds like this is being overblown.
  4. Flawed logic by Sycraft-fu · · Score: 5, Interesting

    First you assume that the person(s) that read it would catch anything evil in it. It's not like the evil code is necessairily going to be in a function called doEvil(), it could be very cleverly hidden among legit functions so that most people would miss it. With good obfuscation it wouldn't be hard to make something that people would have to play with a debugger just to figure out what is going on, and as such miss it on anything less than a really intense code audit.

    Second, you assume the people who look at it aren't in on it. So maybe a couple people look at the code and find the evil bits. They contact the developer and ask what's up. The developer then lets them in to his cabal, who can use the evil bits for their own ends. The people decide they like this and don't tell anyone. The people who read the code have to be honest for this to work.

    Third you assume that anyone other than the developer even bothers to look at the code. Not always a valid assumption, just because the code if you there doesn't mean anyone gives a shit. Maybe it is too complicated, maybe they just don't care, regardless the code being open is no guarantee that someone looked.

    Fourth, you assume that the binaries are the same as the source. I'm betting at least some of the time, and probably more often than that, you install things from a binary package. It's easy and much faster than compiling everything. Great, but how do you know the source follows the binaries? It would be easy to release an untainted source, and then tainted binaries. That the checksums differed wouldn't be of any note, since it could just be that different compile options were used, or even a different compiler (for example using ICC since it generates more efficient binary code). As such no source audit would ever turn up the problems.

    Finally, even if you compile your own, you assume that nothing else is in on it. I'll refer you to the classic Ken Thompson story http://cm.bell-labs.com/who/ken/trust.html. Some other program, and not just the compiler, could be in on inserting a trojan. It might never exist in source form, yet always get compiled in. Thus even a build from a verified source isn't a defense.

    Really, what it comes down to is open source may give you a warm, fuzzy feeling but it isn't actually proof everything is on the level. Really, you have to test what the software actually does when it is run. You can't say "Well the source is open so it can't do anything evil," because you just don't know that. It's far more useful to analyze how the program acts on a system, than to look over the code.

    After all, if looking at the code revealed everything, OSS would never have any bugs. You'd look at the code, see all the bugs, they'd all get fixed. Yet it does, nasty ones. My favourite is the BIND flaw discovered back around 2000 that was in essentially every version of BIND ever. Despite the fact that many people had looked at the code, nobody had ever noticed this. There was no ill intent, no conspiracy, it just wasn't something people saw.

    As such the same could be done for something evil. Hide it well enough in the code, and nobody will notice it.