[10822] in bugtraq
Re: big brother in your cc
daemon@ATHENA.MIT.EDU (Casper Dik)
Mon Jun 14 18:44:06 1999
Message-Id: <199906142133.XAA20464@romulus>
Date: Mon, 14 Jun 1999 23:33:09 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 15 Jun 1999 00:17:12 +1000."
<199906141417.AAA12925@cheops.anu.edu.au>
>Whilst this isn't strictly speaking a security bug, it borders on
>Sun acting in a very "big brother" manner which is frightening!
>
>For those of you using Sun's SUNWspro C compiler package, beware!
>The binaries "c89" and "cc" appear to automagically send an email
>to "ut-cc@sunpro.Eng.Sun.COM" with a list of C compiler commands,
>including some sort of cpu-time summary. Extract as follows:
>
>cc -E
(I have a strong sense of deja-vu, wasn't this discussed before on
BUGTRAQ? Ah wait, Usenet Oct '98)
This compiler "feature" only exists in the pre-FCS compilers (i.e.,
Alpha and Beta products) and other pre-FCS workshop products.
It was documented in several locations, perhaps even in the
"must read and agree to" license, but I think it was pretty prominent.
(The websites have gone now that FCS is here)
(Some older compilers inadvertedly left the code in) 4.0? 4.1?
That is, unless you have a domainname set on your system that ends
in .sun.com; in that case usage tracking also happens with your FCS
compiler.
So it's not all that big brotherish as you make it out:
- for alpha/beta only
- documented how to switch off (in several places)
- the cc command lines forwarded only include the options,
not the option parameters or file name arguments.
(-DFOO becomes -D, -Lpath gives -L etc ; file.c is not listed)
Nothing sinister, just alpha/beta users helping to gather statistics
about compiler option usage. (And us internal Sun folk who get to
test drive all stuff)
Of course, we could argue whether this should be an opt-in or opt-out
thing till we're blue in the face, but let's not.
Suffices to say that I've long since disabled most outgoing mail
from my system.
Casper
