Skype Linux Reads Password and Firefox Profile
mrcgran writes "Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files."
put the spyware in Kazaa...
Politics is Treachery, Religion is Brainwashing
Microsoft troll. You know as well as I do that Open Source would never do anything like this. Hows the weather in Redmond? Crawl back under your rock.
Yes, call anyone who tells the truth a 'troll'. Typical zealot behavior.
Why would it need to? Skype has its own accounts, if it wants to refer to me by name it can use whatever I entered in my account info.
That'd be a stupid way of doing it, and I think AppArmor would have logged bash in that case. Or at least I hope it can tell the difference between what a program is doing, and what a program launched by another is doing.
More than confidential, it's interesting why it's looking there. Especially the much stranger mozilla directories and
But, linux is more secure. These things are protected. No one is writing exploits for linux.
Oh, wait, it isn't, they aren't, and they are.
In fact, with all that open source, isn't it easier to see what is going on so I can write a better exploit? Isn't it easier for me to, say, sneak a corporate or national spy into the development team and compromise the project?
With millions of lines of code, do you think we could keep an Iranian or Chinese spy from getting malicious code into the project?
Hypothetical:
But, wait, linux is more secure. These things are protected. Nobody is writing exploits.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
That is why /etc/passwd is root access only. You don't install applications as root, now do you?
Ironically this is the one argument that leeh-nux fanbois start crying about when some malicious app is running rampant on "The Other OS".
Now, that should be modded funny. Bravo, sir. I was about to feel your indignation until you let us in on the joke with refering to /. as a site for grown ups. You should be commended.
Notice, there has been response of substance, just the attacks and misdirection.
Please respond to Linux security issues without misdirecting to MS, or attacking the poster.
Your response in...3...2...1...
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.