I set up a quick demonstration to show risks of curl|bash and how a bad actor could potentially hide a malicious script that appears safe.

It’s nothing new or groundbreaking, but I figure it never hurts to have another reminder.

  • ssfckdt@lemmy.blahaj.zone
    6 hours ago

    I’m a bit lost with

    a more cautious user might first paste the url into the address bar of their web browser to see what the script looks like before running it. In the

    You… You just… You just dump the curl output to file and examine that and then run it if it's good

    Just a weird imagined sequence to me.

    • martini1992@lemmy.ml
      5 hours ago

      Worse than that, the server can change its response based on user agent, so you need to curl it to a file first; a browser could be served a completely different response.
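
The point raised in the comments, as an added example that is not part of the original post or thread: a check that fetches one URL under two User-Agent strings and compares SHA-256 digests, so a reviewer can tell whether the bytes seen in a browser are the bytes curl would receive. The loopback server, its placeholder bodies, and all function names are constructed for this illustration.

```python
import hashlib
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed, harmless bodies for the local test fixture.
BODY_FOR_BROWSER = b"#!/bin/sh\necho 'installer as shown in a browser'\n"
BODY_FOR_CURL = b"#!/bin/sh\necho 'installer as served to curl'\n"


class VaryingHandler(BaseHTTPRequestHandler):
    """Test fixture: picks the body from the User-Agent header."""

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        body = BODY_FOR_CURL if ua.startswith("curl/") else BODY_FOR_BROWSER
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch(url, user_agent):
    """Download url once with the given User-Agent; return the raw bytes."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return resp.read()


def digests_by_agent(url, user_agents):
    """Map each User-Agent to the SHA-256 of what the server sent it."""
    return {ua: hashlib.sha256(fetch(url, ua)).hexdigest() for ua in user_agents}


def demo():
    """Start the fixture on a loopback port and compare two clients."""
    server = HTTPServer(("127.0.0.1", 0), VaryingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/install.sh" % server.server_port
        return digests_by_agent(url, ["curl/8.5.0", "Mozilla/5.0"])
    finally:
        server.shutdown()
        server.server_close()
```

Matching digests only show that two requests agreed at that moment; the file that was saved and read is still the only copy whose contents are known, so that is the one to run.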