Skype reads /etc/passwd and firefox profiles.

[halfgaar]

Hi,

through slashdot, I found this topic on the skype forums. It states that Skype reads /etc/passwd and the current user's firefox profile. I couldn't find anything on the forums about it yet, so I thought I'd post it here in security. As far as I'm concerned, this can go in the weekly news letter...
_________________
Linux backups the right way.
Get surround sound working.

[ttuegel]

As the posts on Slashdot explain, this is no big deal for the following reasons:

1) Most programs read /etc/passwd. You have to, in order to get the username of the user you're running as. Also, since there aren't any passwords in this file, it's hardly a security risk.

2) Skype probably also needs to read Firefox profiles because it has a Firefox plugin.

[halfgaar]

The first one I can live with indeed, but I'm not sure about the second one. Why would it read ".mozilla/firefox/4h99k4vs.default/bookmarkbackups" or ".mozilla/firefox/4h99k4vs.default/ScrapBook"? And, if I recall correctly, it there have also been news reports about it reading serial numbers from your BIOS or something.
_________________
Linux backups the right way.
Get surround sound working.

[nephros]

Hanlons Razor: Never attribute to malice that which can be adequately explained by stupidity.

My guess is, they are not being malicious, but just didn't know how to do it properly.
Or they want to be on the safe side wrt future changes in the firefox home dir structure.

There are many reasons not to trust Skype, but this is IMO not one of them.
_________________
Please put [SOLVED] in your topic if you are a moron.

[halfgaar]

[nephros]

[GNUtoo]

where are we on the decoding of the skype binary?
when will we have a free(as in freedom) skype implementation?