Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
i was reading on slashdot the other day and it turns out that Skype is accessing /etc/password and many other /etc directories. The article
"Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 220.127.116.11 and 18.104.22.168. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files."
when i looked up more details on the AppAmor it is a SuSe based application. is there a way to get it to run under Gentoo/Sabayon?
there is a very good chance that i will be getting a job that will take me out of the country and i planed on using skype to keep in touch with my wife and kids. i will be running Sabayon or Debian on my laptop (99% chance it will be Sabayon) and this makes me a bit uncomfortable when it comes to security.
The files in /etc that are world readable are so for a reason. For example, passwd is THE place to know a users most basic config. Any program or user should be able to read files there. Sensitive info should not be readable by anyone. Any sensible distro have this sorted out.
If You are paranoid chmod the files 700 or the whole directory. But other things may break. There are distros and methods to tighten world access to system files. But what are You actually afraid of?
This is the default behaviour of most systems.
Your password is held in /etc/shadow, and is encrypted with a one-way hash, so they'd have to brute-force the shadow file in order to get your password. Also, /etc/shadow is readable only by root.
Even if they do have access to your /etc/passwd file, the most sensitive thing in there is your username, which shouldn't be a problem so long as your password is suitably strong, even if that data were to become common knowledge.
Yes, this is normal and loads of programs actually need the information in passwd. And as pwc101 pointed out, the really sensitive info (Your encrypted password) is held in a file not readable by others than system owner/root. The passwd file isn't more sensitive than any other, really. Any information in it could be had in a number of other ways, by non priviledged users, but it's there to facilitate things.
There was also a discussion (in the link You provided) regarding Skype's habit of reading other programs (Mozilla/Firefox) config information. It's the same thing there. It is a way for this program to determine what environment it is running in. In Your personal config files or world readable files. Almost every program You use daily is doing the same thing. So they can do a better job.
Some people regard this as bordering on spyware. Well then we have loads of spyware running, no matter what platform we use. Gimp finding out if there's a ghostscript installed. Firefox looking to see if it's the preferred browser. Winzip stealing extensions and more and more, Some say that Skype should be "open" about it. I think it's a non issue. Security lies in a completely different scope.
So keep using Skype if You like it. I would trust it!