J5’s Blog

I’ve been reading all about the Skype hysteria. It is kind of funny given that the question that was asked - is this close sourced app reading things it shouldn’t? - is legitimate but the hysteria that followed made a mountain out of a molehill. What makes it even funnier is that I can most likely point out an answer to at least one of the questions - why is skype poking at /etc/passwd? The answer is the punchline to this whole non-story. I know the answer because I can read the source - not the Skype source of course but the open source component called D-Bus that Skype uses. They can use it because it is dual GPL/AFL licensed.

D-Bus authenticates users for various reasons on Unix systems and makes calls to the getpwnam function. If you look at the following simple program and run it with strace -f you will see that this call does in fact open /etc/passwd:

#include <sys>
#include <pwd.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char *argv[])
{
  char *lgn;
  struct passwd *pw;
  if ((lgn = getlogin()) == NULL || (pw = getpwnam(lgn)) == NULL)
    {
      fprintf(stderr, "Get of user information failed.n");
      exit(1);
    }

  return(0);
}

Now lets look at some of the output from strace -f

fstat64(3, {st_mode=S_IFREG|0755, st_size=50840, ...}) = 0 mmap2(NULL, 45712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x51b000 mmap2(0x525000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x525000 close(3) = 0 mprotect(0x525000, 4096, PROT_READ) = 0 munmap(0xb7f29000, 54658) = 0 open(”/etc/passwd”, O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1653, …}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f36000 read(3, “root:x:0:0:root:/root:/bin/bash\n”…, 4096) = 1653 close(3) = 0 munmap(0xb7f36000, 4096) = 0 exit_group(0) = ?

What does this all mean? Well I can’t say for sure if D-Bus is the only place accessing /etc/passwd in Skype but I like to give people and companies the benefit of the doubt. If you feel they are being sneaky just don’t use it. I don’t use it but then again I do trust the phone companies to not steal my credit card number when I give it to my travel agent over the phone. For that matter I trust my travel agent too.

It does show the benefits of Open Source in that it gives you peace of mind that you can look at the code instead of just guessing what is going on. That should be the draw of Open Source, because hysteria certainly isn’t.

[read this post in: ar de es fr it ja ko pt ru zh-CN ]

Simos Says:
August 28th, 2007 at 4:02 pm

Apparently Skype still reads /etc/passwd, even if you use the command line paramenter “–disable-api”.

“–disable-api” prevents connection to X11/DBus API,
https://developer.skype.com/LinuxSkype/ReleaseNotes

Skype probably uses getpwuid().

joa Says:
August 29th, 2007 at 12:09 am

come ppl compared to the flaws on unsecure and fancy of the IPodthis is an insignificant tiny insect, a joke played by the skype devs..

YAAAAAAAAY!!!!!
/**
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
**/

http://lpahome.com/iPhone/passwords

too much press over Skype… this make me tinker over if they like “pro-being hacked” (same as mac).

joa Says:
August 29th, 2007 at 12:14 am

“Alpine”

Paul Collins Says:
August 31st, 2007 at 8:56 am

And it’s not like /etc/passwd actually contains passwords anyway.

Skype Hysteria

4 Responses to “Skype Hysteria”

Leave a Reply

Archived Entry