zlacker

[parent] [thread] 1 comments
1. e12e+(OP)[view] [source] 2018-07-29 10:54:28
Since copy-pasting to the terminal is also unsafe[1], it's not really a solution...

At any rate - code-signing doesn't really help if the author is the attacker.

[1] http://thejh.net/misc/website-terminal-copy-paste

replies(1): >>ithkui+E3
2. ithkui+E3[view] [source] 2018-07-29 11:56:45
>>e12e+(OP)
Sure, but that's harder to hide. Any user could paste somewhere where nothing gets executed and the expose the hack attempt. Pipe to bash has the interesting aspect of letting the author inject hacks only to people who are not looking.

Anyway, the use case for my runck utility is scripts such as dockefiles or CI automation where I want to download and run installers and I don't want to reduce the bash boilerplate.

[go to top]