by jacobscott 3808 days ago
What's the difference between downloading and executing a binary, installing a package (apt-get, pip, gem, etc.), and curl | sh which makes the latter so bad?
2 comments

A package is downloaded completely from the net, then checked for its signature. A network transmission is by orders of magnitude less safe with regard to corruption of the payload.
This article sums it up better than i can do. http://www.seancassidy.me/dont-pipe-to-your-shell.html
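The "download everything, then check it, then run it" sequence the comment describes, as an added shell example that is not from this thread or the linked article. It runs entirely in a temporary directory: a local file stands in for the server, a copy stands in for the download, a copy cut short by a few bytes stands in for a transfer that dropped mid-stream, and a SHA-256 digest obtained "out of band" stands in for the package signature (an assumption and a simplification; real package managers verify a detached signature over the package or its metadata, but the ordering is the point). The installer script, the digest check and the helper names are all constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows why a script piped straight
# into sh behaves differently from one that is fully downloaded and verified
# before execution. No network is used; everything lives under $WORK.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed installer published by the "server". Its last command is meant to
# remove only scratch/tmp. Note what happens if the stream ends before "/tmp".
INSTALLER="$WORK/install.sh"
cat > "$INSTALLER" <<'EOF'
#!/bin/sh
mkdir -p $PREFIX/scratch/tmp
echo installed > $PREFIX/scratch/keep
rm -rf $PREFIX/scratch/tmp
EOF

# SHA-256 of a file, using whichever tool the host has.
digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1" | cut -d' ' -f1
  else openssl dgst -sha256 -r "$1" | cut -d' ' -f1; fi
}

# Stand-in for the network fetch: copy $1 to $2, or only its first $3 bytes
# when $3 is non-zero (a connection that dropped mid-transfer).
fake_download() {
  if [ "$3" -gt 0 ]; then head -c "$3" "$1" > "$2"; else cat "$1" > "$2"; fi
}

# The "curl | sh" pattern: bytes go into the interpreter as they arrive, so a
# truncated stream is executed as far as it got. $1 = install prefix, $2 = cut.
pipe_to_sh() {
  if [ "$2" -gt 0 ]; then head -c "$2" "$INSTALLER" | PREFIX="$1" sh
  else cat "$INSTALLER" | PREFIX="$1" sh; fi
}

# The package-manager ordering: fetch the whole artifact into a private file,
# compare its digest with the value obtained out of band, and only then run it.
# Returns 1 and executes nothing on a mismatch. $1 = prefix, $2 = expected
# digest, $3 = cut (0 for a complete transfer).
verify_then_run() {
  dl=$(mktemp "$WORK/dl.XXXXXX")
  fake_download "$INSTALLER" "$dl" "$3"
  actual=$(digest "$dl")
  if [ "$actual" != "$2" ]; then
    echo "refusing to run: digest $actual does not match $2" >&2
    rm -f "$dl"
    return 1
  fi
  PREFIX="$1" sh "$dl"
  rm -f "$dl"
}

# What the user would have fetched alongside the script (out of band here).
EXPECTED=$(digest "$INSTALLER")
# Drop the trailing "/tmp\n" so the stream ends at "rm -rf $PREFIX/scratch".
CUT=$(( $(wc -c < "$INSTALLER") - 5 ))

# Human-readable outcome for one install prefix.
report() {
  if [ -f "$2/scratch/keep" ]; then echo "$1: installed, scratch/keep intact"
  elif [ -e "$2" ]; then echo "$1: ran, and the whole scratch area was wiped"
  else echo "$1: nothing was executed"; fi
}

pipe_to_sh "$WORK/demo1" 0;      report "pipe, complete stream    " "$WORK/demo1"
pipe_to_sh "$WORK/demo2" "$CUT"; report "pipe, truncated stream   " "$WORK/demo2"
verify_then_run "$WORK/demo3" "$EXPECTED" "$CUT" || true
report "verify, truncated download" "$WORK/demo3"
verify_then_run "$WORK/demo4" "$EXPECTED" 0
report "verify, complete download " "$WORK/demo4"
```

The truncated pipe case is the one the comment is warning about: the interpreter has already executed every complete line it received, and the last partial line is run as whatever command it happens to form. The verify-first path never hands a short or altered file to sh at all, which is why the ordering, not the transport, is what makes the package route safer.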
Thanks, this makes sense!