undefined | Better HN

0 pointstzs1y ago0 comments

> Getting it out of a repository wouldn't make any more vetting appear as if by magic.

But it makes it way easier to figure out what happened if you do get attacked.

With "curl | sh" if a compromised site only sends the attack code randomly and I get unlucky I won't have a copy of the attack code afterwards. If I go to the site to grab a copy I'll probably get a copy without the attack code.

With "curl > /tmp/foo.$$; sh < /tmp/foo.$$" if I am unlucky and get the attack code I can at least look at /tmp/foo.$$ to see what happened, and download the code again and see if it is the same.

If you insist on piping, at least do "curl | tee /tmp/foo.$$ | sh".

0 comments

vladxyz1y ago

You can also throw in a `-x` at the end there.

j / k navigate · click thread line to collapse

0 pointstzs1y ago0 comments

> Getting it out of a repository wouldn't make any more vetting appear as if by magic.

But it makes it way easier to figure out what happened if you do get attacked.

With "curl > /tmp/foo.$$; sh < /tmp/foo.$$" if I am unlucky and get the attack code I can at least look at /tmp/foo.$$ to see what happened, and download the code again and see if it is the same.

If you insist on piping, at least do "curl | tee /tmp/foo.$$ | sh".