undefined | Better HN

0 pointsaaronkjones7y ago0 comments

By safe do you mean there is something insecure with redirecting output in this manner or do you mean one shouldn’t sh -c $(wget... without first checking the source of what they’re downloading?

0 comments

aaronkjonesOP7y ago

*By unsafe

tomsmeding7y ago

Mostly the second, you should check what you're downloading and executing. But a server can send two different files on two similar requests, ans perhaps it sends you a "good" file when you view it in your browser and a malicious file when downloading it via wget.

When piping, there is a well-known trick how the server can detect the difference even disregarding stings like the user agent header, but that trick doesn't work when you do $(wget ...). But I won't guarantee there isn't some other trick that can be performed.

j / k navigate · click thread line to collapse

0 pointsaaronkjones7y ago0 comments

By safe do you mean there is something insecure with redirecting output in this manner or do you mean one shouldn’t sh -c $(wget... without first checking the source of what they’re downloading?

0 comments

aaronkjonesOP7y ago

*By unsafe

tomsmeding7y ago

j / k navigate · click thread line to collapse