zlacker

[parent] [thread] 0 comments
1. tzs+(OP)[view] [source] 2023-09-27 00:26:30
Even if you don't review it before running it, after

  $ curl https://whatever/foo.sh > foo.sh
  $ sh foo.sh
if something goes terribly wrong you can examine foo.sh to try to figure out what happened and how to fix it. Even if foo.sh managed to delete itself you can just grab it again.

After

  $ curl https://whatever/foo.sh | sh
if something goes wrong and you then try

  $ curl https://whatever/foo.sh > foo.sh
to get a copy of the script to examine a malicious server can tell that you aren't piping to a shell [1] and give a non-malicious script.

Since it takes an insignificant amount of effort to defend against this why not get in the habit of doing it?

[1] >>17636032

[go to top]