
Re: So much for Skype.



On 05/22/2011 11:22 PM, Dotan Cohen wrote:
> On Mon, May 23, 2011 at 06:29, Ron Johnson <ron.l.johnson@cox.net> wrote:
>> I was thinking of setuid() magic.
>
> Again an OS issue,

Insofar as the OS provides the feature.

> not a Skype issue.

Yet, *if* Skype uses the function it's because Skype's programmers programmed Skype to use the function.

> I agree that since root must
> install Skype, and since root then owns Skype, the application might
> setuid. But this is an OS feature, not a Skype feature. How is this
> not a concern with any other closed-source application that one must
> install? I could understand derailing the thread into a closed-source
> vs. open-source debate, which while very productive would not address
> the issue at hand.

It's a concern with *all* programs that need to stray from your little protected zone.

> For that matter, though, I do agree that setuid is a security risk and
> not well mitigated. Maybe the issue needs to be dealt with already:
> how would you suggest changing the kernel behaviour to mitigate the
> risk? A warning or log entry each time an application uses setuid? At
> install, at runtime, or both? Something else?


--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749

