[clug] Skype Linux Reads Password and Firefox Profile
David Tulloh
david at tulloh.id.au
Mon Aug 27 09:37:27 GMT 2007
Alex Satrapa wrote:
> On 27/08/2007, at 07:01 , Chris Smart wrote:
>
>> "Users of Skype for Linux have just found out that it reads the files
>> /etc/passwd, firefox profile, plugins, addons, etc, and many other
>> unnecessary files in /etc.
>
> Now strace "ls -l /home". OMG! It looks up /etc/passwd! Why on Earth
> is ls looking up a file it has no reason to be looking at? Oh hang
> on... maybe ls is just calling "getpwnam" to get some details about
> the current user (such as, for example, the "GECOS" field to find the
> full name "Jo User" rather than referring to the user as "juser"), and
> it's actually "getpwnam" that's doing the fopen on /etc/passwd?
>
> Since you're not running Skype as an admnistrative user (or even as a
> user with sudo privileges), you've got nothing to worry about, right?
The question remains, why does Skype need to do that? Skype should just
use the user data that you enter into it.
The concern here isn't that Skype is trying to hack your computer; it's
that Skype is collecting your personal details, your hardware data and
your browsing history then reporting it all back to the mothership.
I also feel that this admin privilege thing is really rather overhyped.
If my home system got owned and used for nefarious purposes it would
take me a few hours to reinstall everything and then life would go on.
If my home directory got badly corrupted, I'd never be able to fully
recover that information. (The equation is rather different for most
servers.)
David
More information about the linux
mailing list