[GLLUG] Impressed with skype

Brent Barker b.w.barker at smokejive.net
Tue Sep 18 09:59:38 EDT 2007 

Ah, I remember reading that /. article. I read through the comments
and discovered that the article was saying that skype reads the
/etc/passwd file, and that was the problem. Another person mentioned
that

"The most common reason these applications and others read /etc/passwd
is that they call getpwuid() to obtain a struct that contains the
user's home directory. Now the application knows where to find its
configuration files."

Additionally, if your distro uses shadow passwords (I know Gentoo and
Debian do), you are not vulnerable to password-stealing.

A more extensive answer is provided here:

Seems like people don't understand unix at all, when they post to
security lists...
Just checking your own identity in unix requires a call to getpwnam,
getpwent or their equivalent, which means that a function call in
glibc has to read the password file. Practically every unix program
does that... It reads in the whole file in memory and looks for you,
unless you're using the db source, yp, nis+ or an external module:
nss_ldap, nss_mysql, nss_pgsql. It's doing that to find YOU out...
That's normal, system-wide behaviour, and not sinister at all(that's
also why there's a nscd daemon to cache those results, to prevent your
machine from grinding to a halt if you have 200k+ entries in that
file.

Now unless the legacy api gets redesigned to NOT do a line by line
scan, anyone using strace/ltrace/dtrace/tusc needs to filter out these
internal "housekeeping" calls, which are perfectly normal, needing to
find out if _you_ can open up your own log file...

The /etc/passwd /etc/group files are public files precisely because
they are referred to in this manner. That's why shadow passwords are
so necessary."

Hope that helps. I'm not worried about Skype on Linux any more than I
am about other closed source applications (though I don't have it
installed, so it's more a theoretical issue for me).

Cheers,
Brent

On 9/17/07, L Inbody <linbody at gmail.com> wrote:
> I seriously doubt if it will show up on any of these, but here is a pretty
> good blog that lists out all of the anti-rootkit options we have on linux.
>
> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
>
> Unfortunately I am in CA in a hotel with really slow broadband so when the
> mp3 downloads I'll take a listen tomorrow.
>
>
>
> On 9/17/07, Karl Schuttler <rexykik at gmail.com> wrote:
> > I got this information from Pauldotcom security weekly, episode 82.
> > http://hydrogen.oshean.org/pauldotcom-SW-episode82.mp3
> for the show. I
> > believe their source material is
> >
> http://yro.slashdot.org/article.pl?sid=07/08/26/1312256
> >
> > I suppose it's not exactly a rootkit in that it probably doesn't root
> > your system, but it shows that they are up to shady shit that they
> > don't need to be messing around with.
> >
> > I highly suggest taking a listen to the show; it is rather informative
> > and entertaining.
> >
> >
> >
> > On 9/17/07, Brent Barker < b.w.barker at smokejive.net> wrote:
> > > Could you explain more or provide a link? I'd like to know more about
> that.
> > >
> > > On 9/17/07, Karl Schuttler <rexykik at gmail.com > wrote:
> > > > Skype is evil. Pretty much a rootkit, even on linux.
> > > >
> > > > On 9/17/07, Eduardo Cesconetto <eduardo at cesconetto.com> wrote:
> > > > > I like Skype too, but I was told that is evil..
> > > > >
> > > > > On Sep 17, 2007, at 3:11 PM, Steven Sayers wrote:
> > > > >
> > > > > > I just used skype to call my mom. This is really useful. My cell
> in
> > > > > > the
> > > > > > basement sucks.
> > > > > > _______________________________________________
> > > > > > linux-user mailing list
> > > > > > linux-user at egr.msu.edu
> > > > > >
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> > > > >
> > > > > _______________________________________________
> > > > > linux-user mailing list
> > > > > linux-user at egr.msu.edu
> > > > >
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> > > > >
> > > > _______________________________________________
> > > > linux-user mailing list
> > > > linux-user at egr.msu.edu
> > > >
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> > > >
> > >
> > _______________________________________________
> > linux-user mailing list
> > linux-user at egr.msu.edu
> > http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> >
>
>
>
> --
> Running Linux? Are you completely out of your mind.  That thing is a
> rip-off.  It comes with no viruses, no Trojans, no malware , etc .......
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>
>

More information about the linux-user mailing list