Follow

Threat modelling of downloading a script and piping it to shell: arp242.net/curl-to-sh.html

One problem mentioned in [1] that I agree with: You can't inspect a copy of what you just executed. I usually download the script and look at what it does first, to see where this unpackaged software installs to.

[1] twitter.com/hanno/status/11931

Sign in to participate in the conversation
chaos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!