Date:      Tue, 11 Feb 2014 09:07:04 +0100
From:      Matthias Apitz <guru@unixarea.de>
To:        freebsd-ports@freebsd.org
Cc:        araujo@FreeBSD.org
Subject:   port www/youtube_dl
Message-ID:  <20140211080704.GA18964@sh4-5.1blu.de>


Hello,

The port www/youtube_dl installs as a binary the Youtube downloader in

# file /usr/local/bin/youtube-dl
/usr/local/bin/youtube-dl: data

The executable tends to fail due to changes the provider Youtube does
in its web page and users tend to update the software themselves by the
option --update; this connects via HTTPS to:

07:36:12.668370 IP 10.32.233.251.31097 > frnk.radius.uk.mediaways.net.domain: 63308+ A? rg3.github.io. (31)
07:36:13.214619 IP frnk.radius.uk.mediaways.net.domain > 10.32.233.251.31097: 63308 2/0/0 CNAME github.map.fastly.net., A 185.31.16.133 (82)
07:36:13.215016 IP 10.32.233.251.33006 > frnk.radius.uk.mediaways.net.domain: 63309+ AAAA? rg3.github.io. (31)
07:36:13.348108 IP 10.32.233.251.57784 > frnk.radius.uk.mediaways.net.domain: 35986+ PTR?  251.233.32.10.in-addr.arpa. (44)
07:36:13.514879 IP frnk.radius.uk.mediaways.net.domain > 10.32.233.251.33006: 63309 1/1/0 CNAME github.map.fastly.net. (138)
07:36:13.515729 IP 10.32.233.251.14874 > 185.31.16.133.http: Flags [S], seq 3997719834, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 441155 ecr 0], length 0
...

and downloads a new binary version to /usr/local/bin/youtube-dl which
must be done in addition as root (or root must change the owner of the
file before).

This is highly concerning due to 'phoning home' and installing whatever
(mal-) software or due to DNS redirects to some malware site.

The Linux friends patch the source to disable the --update option; see
https://bugs.launchpad.net/ubuntu/+source/youtube-dl/+bug/1063469

Shouldn't we do the same?

Thx

	matthias
-- 
Matthias Apitz               |  /"\ ASCII Ribbon Campaign: www.asciiribbon.org
E-mail: guru@unixarea.de     |  \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
phone: +49-170-4527211       |  / \ - Respect for open standards



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140211080704.GA18964>
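
A defender-side check for the behaviour described in the message, as an added example that is not part of the original e-mail or of the port: it correlates DNS answers for the updater's host name with later TCP connection attempts in tcpdump text output and reports whether each attempt went to a cleartext port. The function name, the resolver name and the sample lines are constructed for illustration; the watched host name and address are taken from the capture in the message.

```python
import re

# Constructed sample in tcpdump's text format, modelled on the capture in the message.
SAMPLE = """\
07:36:12.668370 IP 10.32.233.251.31097 > resolver.example.domain: 63308+ A? rg3.github.io. (31)
07:36:13.214619 IP resolver.example.domain > 10.32.233.251.31097: 63308 2/0/0 CNAME github.map.fastly.net., A 185.31.16.133 (82)
07:36:13.515729 IP 10.32.233.251.14874 > 185.31.16.133.http: Flags [S], seq 3997719834, win 65535, length 0
"""

QUERY = re.compile(r": (\d+)\+ (?:A|AAAA)\? (\S+?)\. \(")       # DNS id, queried name
ANSWER = re.compile(r": (\d+) \d+/\d+/\d+ (.*)")                # DNS id, answer section
A_RECORD = re.compile(r"\bA (\d+(?:\.\d+){3})")                 # IPv4 addresses in answers
SYN = re.compile(r"> (\d+(?:\.\d+){3})\.([\w-]+): Flags \[S\]")  # destination IP and port
CLEARTEXT = {"http", "80"}  # tcpdump prints the service name unless run with -n


def find_update_fetches(capture, watched=("rg3.github.io",)):
    """Return TCP connection attempts to addresses resolved for watched names."""
    queries = {}   # DNS transaction id -> queried name
    resolved = {}  # IPv4 address -> watched name it was returned for
    hits = []
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            queries[q.group(1)] = q.group(2).lower()
            continue
        r = ANSWER.search(line)
        if r:
            name = queries.get(r.group(1))
            if name in watched:
                for ip in A_RECORD.findall(r.group(2)):
                    resolved[ip] = name
            continue
        s = SYN.search(line)
        if s and s.group(1) in resolved:
            ip, port = s.group(1), s.group(2)
            hits.append({"name": resolved[ip], "ip": ip, "port": port,
                         "cleartext": port in CLEARTEXT})
    return hits


if __name__ == "__main__":
    for hit in find_update_fetches(SAMPLE):
        print(hit)
```
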