[clug] Skype Linux Reads Password and Firefox Profile
Alex Satrapa
grail at goldweb.com.au
Mon Aug 27 01:56:41 GMT 2007
On 27/08/2007, at 07:01 , Chris Smart wrote:
> "Users of Skype for Linux have just found out that it reads the files
> /etc/passwd, firefox profile, plugins, addons, etc, and many other
> unnecessary files in /etc.
"Any sufficiently advanced incompetence is indistinguishable from
malice."
Now strace "ls -l /home". OMG! It looks up /etc/passwd! Why on Earth
is ls looking up a file it has no reason to be looking at? Oh hang
on... maybe ls is just calling "getpwnam" to get some details about
the current user (such as, for example, the "GECOS" field to find the
full name "Jo User" rather than referring to the user as "juser"),
and it's actually "getpwnam" that's doing the fopen on /etc/passwd?
Since you're not running Skype as an admnistrative user (or even as a
user with sudo privileges), you've got nothing to worry about, right?
As for the *real* reasons for not using Skype - it's peer to peer,
and will route calls through unrelated nodes simply because the
bandwidth exists to do so. So if you're connected through a 1Mbps
connection you'll end up routing calls for other people you don't
know. Altruism aside, can you afford to have all this extra traffic
routed through your Internet connection?
Alex
More information about the linux
mailing list