[10817] in bugtraq
big brother in your cc
daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Jun 14 14:15:32 1999
Content-Type: text
Message-Id: <199906141417.AAA12925@cheops.anu.edu.au>
Date: Tue, 15 Jun 1999 00:17:12 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
Whilst this isn't strictly speaking a security bug, it borders on
Sun acting in a very "big brother" manner which is frightening!
For those of you using Sun's SUNWspro C compiler package, beware!
The binaries "c89" and "cc" appear to automagically send an email
to "ut-cc@sunpro.Eng.Sun.COM" with a list of C compiler commands,
including some sort of cpu-time summary. Extract as follows:
INFO unix i86pc SunOS 5.7
cc -E
CPU-time 0.010000 0.010000
...
cc -o -Xa -O
CPU-time 0.000000 0.060000
...
cc -o -Xa -O
CPU-time 0.020000 0.050000
and so on. Setting the environment variable UT_NO_USAGE_TRACKING
seems to do the right thing but for those that wish to enable this
feature, check with strings on the available environment settings
to mediate this (search for UT_). The mail is set to originate from
"nobody" so it's unlikely you'll notice it if it fails to be delivered
unless you check your mail queue.
