zlacker
[return to "Detecting the use of "curl | bash" server-side"]
◧
1. cjbpri+e2
[view]
[source]
2018-07-29 02:26:42
>>rubyn0+(OP)
Neat! But it's not obviously a bad idea. You have a TLS connection with the site you're downloading from. `curl | bash` is no worse than downloading a .dmg or .deb from the same server would be.
◧◩
2. throwa+k4
[view]
[source]
2018-07-29 03:06:52
>>cjbpri+e2
dpkg/packages have sanity checks to make sure that files aren't being overwritten, and things are generally in a sane state.
curl|bash involves no checks, and no system integration whatsoever.
[go to top]