Slashdot Mirror


Skype Linux Reads Password and Firefox Profile

mrcgran writes "Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files."
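The strace confirmation mentioned in the summary can be turned into a repeatable check. The script below is an added example, not part of the original submission and not code from Skype, AppArmor or strace. The trace lines, the user "alice" and the allowlist are constructed assumptions.

```python
import posixpath
import re

# Matches strace lines for open()/openat(AT_FDCWD, ...), with an optional
# "[pid N]" or "N" prefix as printed by strace -f. Other dirfd forms are skipped.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:open|openat)\((?:AT_FDCWD,\s*)?'
    r'"((?:[^"\\]|\\.)*)",\s*[^)]*\)\s*=\s*(-?\d+)')

# Assumed allowlist: what a VoIP client for hypothetical user "alice" should need.
ALLOWED = ("/usr/", "/lib/", "/etc/ld.so.cache", "/home/alice/.Skype/")

# Constructed sample trace, not captured from a real Skype run.
SAMPLE_TRACE = '''\
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libasound.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 7
[pid  4021] open("/home/alice/.mozilla/firefox/profiles.ini", O_RDONLY) = 9
[pid  4021] openat(AT_FDCWD, "/home/alice/.mozilla/plugins", O_RDONLY|O_DIRECTORY) = 10
open("/proc/interrupts", O_RDONLY) = 11
open("/home/alice/.Skype/shared.xml", O_RDWR|O_CREAT, 0600) = 12
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
stat64("/etc/passwd", {st_mode=S_IFREG|0644, ...}) = 0
'''


def unexpected_opens(trace, allowed_prefixes=ALLOWED):
    """Return (path, outcome) for every open attempt outside the allowlist."""
    allowed = tuple(allowed_prefixes)
    findings = []
    for line in trace.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue
        # Collapse "../" so a traversal cannot hide behind an allowed prefix.
        # Symlinks are not resolved; that needs the live filesystem.
        path = posixpath.normpath(m.group(1))
        outcome = "opened" if int(m.group(2)) >= 0 else "failed"
        if not path.startswith(allowed):
            findings.append((path, outcome))
    return findings


if __name__ == "__main__":
    for path, outcome in unexpected_opens(SAMPLE_TRACE):
        print(f"{outcome:7} {path}")
```

Failed attempts are reported as well, since a denied open still shows what the program tried to reach.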


  1. it was the authors of Skype that... by FudRucker · · Score: 0, Troll

    put the spyware in Kazaa...

    --
    Politics is Treachery, Religion is Brainwashing
  2. Re:Why.. by Anonymous Coward · · Score: -1, Troll

    .. only closed source applications? I don't think most people read the entire sources of open source applications that they use.

    Microsoft troll. You know as well as I do that Open Source would never do anything like this. How's the weather in Redmond? Crawl back under your rock.

  3. Re:Why.. by Anonymous Coward · · Score: -1, Troll

    Yes, call anyone who tells the truth a 'troll'. Typical zealot behavior.

  4. Re:What a load of FUD by DaleGlass · · Score: 1, Troll

    Um, because it wanted to refer to you as using real name, which is the entire damn point of having the field in /etc/passwd? Or even your username?

    Why would it need to? Skype has its own accounts, if it wants to refer to me by name it can use whatever I entered in my account info.

    Or perhaps it's not even the thing doing it, perhaps it's using a shell script to see if the skype: handler is registered in Skype, and that script does 'ls -l' to check file sizes.

    That'd be a stupid way of doing it, and I think AppArmor would have logged bash in that case. Or at least I hope it can tell the difference between what a program is doing, and what a program launched by another is doing.

    What I'd be interested in figuring out is exactly the fuck confidential information people think is hanging out in /etc/password? We all know that there are actually no passwords in that file, right?

    More than confidential, it's interesting why it's looking there. Especially the much stranger mozilla directories and /proc/interrupts. Add those things together and it's not hard to imagine that skype might be gathering something from /etc/passwd like everybody's real names and reporting them. Now I have no clue if it actually does that, but given that Skype is already well known for doing strange things, some paranoia seems justified.
  5. But...More Secure? by WED+Fan · · Score: -1, Troll

    But, linux is more secure. These things are protected. No one is writing exploits for linux.

    Oh, wait, it isn't, they aren't, and they are.

    In fact, with all that open source, isn't it easier to see what is going on so I can write a better exploit? Isn't it easier for me to, say, sneak a corporate or national spy into the development team and compromise the project?

    With millions of lines of code, do you think we could keep an Iranian or Chinese spy from getting malicious code into the project?

    Hypothetical:

    • Start a project for a civilian equivalent of a military application
    • Form a project team
    • Accept a programmer from a country that has very specific ideology driven agendas against much of the western world
    • Wonder why the government won't switch to the OS of your desire

    But, wait, linux is more secure. These things are protected. Nobody is writing exploits.

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
  6. You idiots: by Anonymous Coward · · Score: -1, Troll

    That is why /etc/passwd is root access only. You don't install applications as root, now do you?

    Ironically this is the one argument that leeh-nux fanbois start crying about when some malicious app is running rampant on "The Other OS".

  7. Re:But...More Secure? At least smarter! by WED+Fan · · Score: 1, Troll

    Go back to spreading your FUD to the twelve year olds on those other technology websites and leave this one for the grown ups.

    Now, that should be modded funny. Bravo, sir. I was about to feel your indignation until you let us in on the joke with referring to /. as a site for grown ups. You should be commended.

    Notice, there has been response of substance, just the attacks and misdirection.

    Please respond to Linux security issues without misdirecting to MS, or attacking the poster.

    Your response in...3...2...1...

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.