zlacker

[return to "Detecting the use of "curl | bash" server-side"]
1. cjbpri+e2[view] [source] 2018-07-29 02:26:42
>>rubyn0+(OP)
Neat! But it's not obviously a bad idea. You have a TLS connection with the site you're downloading from. `curl | bash` is no worse than downloading a .dmg or .deb from the same server would be.
◧◩
2. throwa+k4[view] [source] 2018-07-29 03:06:52
>>cjbpri+e2
dpkg/packages have sanity checks to make sure that files aren't being overwritten, and things are generally in a sane state.

curl|bash involves no checks, and no system integration whatsoever.

◧◩◪
3. cjbpri+75[view] [source] 2018-07-29 03:24:39
>>throwa+k4
dpkg doesn't stop you overwriting system files in a post-install shell script, as far as I know? Which is the way that a malicious package would choose to do it. I don't think dpkg performs any meaningful security review in the way you describe.
[go to top]