[clug] Skype Linux Reads Password and Firefox Profile

Brian bnc at astronomicalresearchaustralia.org
Thu Aug 30 08:11:20 GMT 2007


Further to this I did a TCP trace and found

I did a, netstat -vep command and in part got;


Proto Recv-Q Send-Q Local Address           Foreign Address
State       User       Inode
 tcp        0      0 compname:58407       212.72.49.141:33033
TIME_WAIT   root       0

What is concerning me is that the user is root!

I have installed skype in the normal manner with SMART.
Skype establishes two ports with my userid and the above one with root.

Can anyone else see the same?

Brian




Rainer Klein wrote:
>> In case some people don't read slashdot..
>>
>> "Users of Skype for Linux have just found out that it reads the files
>> /etc/passwd, firefox profile, plugins, addons, etc, and many other
>> unnecessary files in /etc. This fact was originally discovered by using
>> AppArmor, but others have confirmed this fact using strace on versions
>> 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how
>> important it is to use AppArmor in any closed-source application in
>> Linux to restrict any undue access to your files."
>>
>> http://forum.skype.com/index.php?showtopic=95261
>>
>>
>> I never trusted that software (from the makers of mega-spyware Kazaa)
>> and use Ekiga myself :)
>>
>> -c
> 
> The topic has been taken up by 'The Inquierer' (see link).
> 
> 	http://www.theinquirer.net/?article=41932
> 
> Rainer



More information about the linux mailing list