zlacker

[return to "Detecting the use of "curl | bash" server-side"]
1. ithkui+3j[view] [source] 2018-07-29 09:15:44
>>rubyn0+(OP)
I wish there was a standard way to check a checksum, so that download instructions could just include that in the snippet to copy paste.

I wrote a tool that could be used like that but it's useless if its not ubiquitous (https://github.com/mmikulicic/runck)

◧◩
2. e12e+Gm[view] [source] 2018-07-29 10:54:28
>>ithkui+3j
Since copy-pasting to the terminal is also unsafe[1], it's not really a solution...

At any rate - code-signing doesn't really help if the author is the attacker.

[1] http://thejh.net/misc/website-terminal-copy-paste

[go to top]