
Re: So much for Skype.



On Mon, May 23, 2011 at 07:40, Ron Johnson <ron.l.johnson@cox.net> wrote:
>>> I was thinking of setuid() magic.
>>
>> Again an OS issue,
>
> Insofar as the OS provides the feature.
>

Indeed, this really is a convenience-before-security feature that
reminds me of a certain prolific software vendor. Give me an hour or
two, I'd like to start a new thread on this because I really do think
that it is a problem that needs addressing sooner rather than later.



>>                   not a Skype issue.
>
> Yet, *if* Skype uses the function it's because Skype's programmers
> programmed Skype to use the function.
>

Which the OS allows them, so I pass no blame on the Skype devs.


>>                                       I agree that since root must
>> install Skype, and since root then owns Skype, the application might
>> setuid. But this is an OS feature, not a Skype feature. How is this
>> not a concern with any other closed-source application that one must
>> install? I could understand derailing the thread into a closed-source
>> vs. open-source debate, which while very productive would not address
>> the issue at hand.
>>
>
> It's a concern with *all* programs that need to stray from your little
> protected zone.
>

Indeed. I did find this application, but it seems to be far from adequate:
http://www.cims.nyu.edu/cgi-comment/info2html?%28cfengine-Tutorial%29The%2520setuid%2520log


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

