zlacker

[parent] [thread] 2 comments
1. posnet+(OP)[view] [source] 2023-09-27 00:02:35
It can be detected if your adversaries are clever enough: https://lukespademan.com/blog/the-dangers-of-curlbash/
replies(2): >>thinkm+85 >>post-+C7
2. thinkm+85[view] [source] 2023-09-27 00:32:09
>>posnet+(OP)
Congrats, you just defeated the attack by manually downloading the script before running it!
3. post-+C7[view] [source] 2023-09-27 00:47:39
>>posnet+(OP)
Tbh, I’m put on more on alert by the spelling errors in the linked post than I am by the ostensible threat of a server timing my requests in order to serve malware.

It’s good practice to check anything that you’ll pipe to `sudo`, but this article’s level of paranoia is kind of self-defeating, no?

At some point, we all trust the things we run on our machines. We rely on communities — and our participation in them — to vet installations.

There is no perfect solution. Someone will always be misled.

[go to top]