Warning: His mention of the "freedup" program piqued my interest, so I went to have a look at it. Overall, the description makes it sound like a solid tool, and the documentation seems relatively complete.
However, when I built it, I noticed that the Makefile attempts to write new lines into /etc/services, and yes, the program does contains socket/server code - which is apparently triggered by undocumented options.
Personally, I'm a bit leery of file-system level tools that contain undocumented server code, so I'll not be using it. (Although I might try to audit it, or maybe just try one of the other similar tools listed here: http://en.wikipedia.org/wiki/Freedup )
While I'm not ready to make any judgements of nefariousness, it is worrisome from general security point of view that if I read the makefile correctly, it is configuring its network service to run as root.
edit: grepped changelog and todo files, found these:
TODO: 1 - graphical web based user interface (full version with 2.0)
TODO:v1.7 - first working web interface (non-stabil enhancement)
TODO:done + single unmodified web template on GET request
TODO: + non-interactive execution with display to web interface
TODO:done + webpage streaming
TODO: + providing a web interface for the interactive mode
ChangeLog: + gui defaults to off, activate and deactivate using "make webon/weboff/state"
ChangeLog: + basic web interface offered (reply not accepted yet)
ChangeLog: + first helper routines for web-based GUI
The networking code does not seem to be activated without the -W flag, so I wouldn't be too worried about it. Just remove the entries it tries to create under /etc and you should be fine.
Yeah, I'm sure it's not nefarious. It's just very poor judgement to leave that code in the build without documenting it. So poor, that I don't feel I'm able to trust the rest of the code without auditing it.
I've emailed the listed contact email for freedup with your comment. Perhaps it was some prototype code which never got finished but the author didn't realize how it looked like a potential vulnerability.
However, when I built it, I noticed that the Makefile attempts to write new lines into /etc/services, and yes, the program does contains socket/server code - which is apparently triggered by undocumented options.
Personally, I'm a bit leery of file-system level tools that contain undocumented server code, so I'll not be using it. (Although I might try to audit it, or maybe just try one of the other similar tools listed here: http://en.wikipedia.org/wiki/Freedup )