zlacker

[return to "Detecting the use of "curl | bash" server-side"]
1. cjbpri+e2[view] [source] 2018-07-29 02:26:42
>>rubyn0+(OP)
Neat! But it's not obviously a bad idea. You have a TLS connection with the site you're downloading from. `curl | bash` is no worse than downloading a .dmg or .deb from the same server would be.
◧◩
2. mikeas+k2[view] [source] 2018-07-29 02:29:22
>>cjbpri+e2
The difference is that you can inspect it before you run it if you download it. If you pipe it into bash you don’t know what you’re getting, even if you previously inspected the data provided by that URL.
◧◩◪
3. trumpe+6z[view] [source] 2018-07-29 14:11:10
>>mikeas+k2
If inspecting a script is a good way to avoid evil software, bugs would not exist.
[go to top]