by tln 2407 days ago
True, you can detect it without a way to stop the damage! Or easier and more thorough,

    curl | bash -x
2 comments

Piping through tee doesn't trigger the server-side detection (it doesn't stop to read every few ms) and using the x flag isn't inherited, so it's gone as soon as subshells are invoked, which is pretty normal for an installation script.

This has all been mentioned in the linked comment thread

Actually the server side detection in [0] isn't really affected by putting tee in the middle... and neither does -x, of course.

Good point about -x being fallible to an adversarial script, even a simple set +x would be enough!

Where's the link where this has been mentioned? I missed it.

0: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...

Use a disposable virtual machine to isolate the damage while dumping the script; this way we can detect the attack without compromising ourselves.
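An added illustration of the `bash -x` limits raised in the comments above, not code from any commenter: a constructed, harmless installer is fed to `bash -x` on stdin and the captured trace is checked for each step. The script contents, step names and helper function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample files: harmless echo commands standing in for installer steps.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/child.sh" <<'EOF'
echo child-step
EOF

cat > "$workdir/install.sh" <<'EOF'
echo visible-step
bash "$CHILD"
set +x
echo hidden-step
EOF

# Feed the script to `bash -x` on stdin, as a pipe from curl would,
# and keep only the xtrace output (stderr); the script's stdout is discarded.
trace_of() {
    CHILD="$workdir/child.sh" bash -x < "$1" 2>&1 >/dev/null
}

# Succeeds if the trace shows the echo command for the named step.
is_traced() {
    trace_of "$workdir/install.sh" | grep -qF -- "echo $1"
}

# Succeeds if the script switched tracing off, which means the trace is incomplete.
trace_disabled() {
    trace_of "$workdir/install.sh" | grep -qF -- "set +x"
}

for step in visible-step child-step hidden-step; do
    if is_traced "$step"; then
        echo "traced:     $step"
    else
        echo "NOT traced: $step"
    fi
done

if trace_disabled; then
    echo "script ran 'set +x': the -x trace does not cover everything that executed"
fi
```

Only the first step appears in the trace: the child `bash` process starts without `-x`, and everything after `set +x` runs untraced, whereas all of these lines are visible in the script once it has been saved to a file and read.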