Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Linux Reads Password and Firefox Profile

Posted by samzenpus on from the to-send-better-ads dept.

mrcgran writes "Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files."

3 of 335 comments (clear)

  1. it was the authors of Skype that... by FudRucker · · Score: 0, Troll

    put the spyware in Kazaa...

    --
    Politics is Treachery, Religion is Brainwashing
  2. Re:What a load of FUD by DaleGlass · · Score: 1, Troll

    Um, because it wanted to refer to you as using real name, which is the entire damn point of having the field in /etc/passwd? Or even your username?

    Why would it need to? Skype has its own accounts, if it wants to refer to me by name it can use whatever I entered in my account info.

    Or perhaps it's not even the thing doing it, perhaps it's using a shell script to see if the skype: handler is registered in Skype, and that script does 'ls -l' to check file sizes.

    That'd be a stupid way of doing it, and I think AppArmor would have logged bash in that case. Or at least I hope it can tell the difference between what a program is doing, and what a program launched by another is doing.

    What I'd be interested in figuring out is exactly the fuck confidential information people think is hanging out in /etc/password? We all know that there are actually no passwords in that file, right?

    More than confidential, it's interesting why it's looking there. Especially the much stranger mozilla directories and /proc/interrupts. Add those things together and it's not hard to imagine that skype might gathering something from /etc/passwd like everybody's real names and reporting them. Now I have no clue if it actually does that, but given that Skype is already well known for doing strange things, some paranoia seems justified.
  3. Re:But...More Secure? At least smarter! by WED+Fan · · Score: 1, Troll

    Go back to spreading your FUD to the twelve year olds on those other technology websites and leave this one for the grown ups.

    Now, that should be modded funny. Bravo, sir. I was about to feel your indignation until you let us in on the joke with refering to /. as a site for grown ups. You should be commended.

    Notice, there has been response of substance, just the attacks and misdirection.

    Please respond to Linux security issues without misdirecting to MS, or attacking the poster.

    Your response in...3...2...1...

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.