after using skype several times, it does read the passwd file but not
the shadow file.
I won't worry about it any more.
Jim K
Michael Miller wrote:
> I think people are more or less wondering why the client is looking at
> anything in the /etc directory. It's not like your password is stored
> in
On Tuesday 28 August 2007 09:37:08 am Bob Miller wrote:
> Neil Parker wrote:
> > No. The closest you can get is probably to run your suspicious software
> > under the control of strace or something similar. This will report all
> > system calls made by the process, including attempts to open file
I think people are more or less wondering why the client is looking at
anything in the /etc directory. It's not like your password is stored
in the /etc/passwd file (anymore). Any user can look at the
/etc/passwd file, it's not a big deal (IMHO). Unless skype is trying
to harvest usernames to tr
Neil Parker wrote:
> No. The closest you can get is probably to run your suspicious software
> under the control of strace or something similar. This will report all
> system calls made by the process, including attempts to open files. (I
> believe this was exactly how skype's suspicious behavi
On 8/27/07, Neil Parker <[EMAIL PROTECTED]> wrote:
> Jim K wrote,
> >Just a thought, is there any command that would show what program had
> >last accessed a file?
>
> No. The closest you can get is probably to run your suspicious software
> under the control of strace or something similar. This
Jim K wrote,
>Just a thought, is there any command that would show what program had
>last accessed a file?
No. The closest you can get is probably to run your suspicious software
under the control of strace or something similar. This will report all
system calls made by the process, including at
Just a thought, is there any command that would show what program had
last accessed a file?
Jim K
Bob Miller wrote:
> Jim K wrote:
>
>
>> I saw slashdot had a note that skype accesses the /etc/passwd file.
>> Because I have used skype occasionally I am somewhat concerned. As a
>> quick and dirty
Jim K wrote:
> I saw slashdot had a note that skype accesses the /etc/passwd file.
> Because I have used skype occasionally I am somewhat concerned. As a
> quick and dirty script would this detect such access:
> ls -l --time=atime shadow >>somelogfile
> ls -l --time=atime passwd >>somelogfile
> ls
> You could also use lsof to see if skype opens that file for reading
The file access would probably be nearly instantaneous. It's unlikely
that you'd catch it with lsof.
--
Hal Pomeranz, Founder/CEO Deer Run Associates [EMAIL PROTECTED]
Network Connectivity and Security, Systems
You could also use lsof to see if skype opens that file for reading
On 8/27/07, Jim K <[EMAIL PROTECTED]> wrote:
> I saw slashdot had a note that skype accesses the /etc/passwd file.
> Because I have used skype occasionally I am somewhat concerned. As a
> quick and dirty script would this detect
I saw slashdot had a note that skype accesses the /etc/passwd file.
Because I have used skype occasionally I am somewhat concerned. As a
quick and dirty script would this detect such access:
ls -l --time=atime shadow >>somelogfile
ls -l --time=atime passwd >>somelogfile
ls -l --time=ctime shadow >>
11 matches
Mail list logo
