Threat modelling of downloading a script and piping it to shell:

One problem mentioned in [1] that I agree with: You can't inspect a copy of what you just executed. I usually download the script and look at what it does first, to see where this unpackaged software installs to.


Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!