by maccard
1810 days ago
> it's also possible to detect when someone is piping to bash (on the server) and serve a different payload.

If you have a fear of your source maliciously serving you different code over curl, don't run their code at all.

> You're better off piping curl to a file, reviewing the file and then running it manually.

Right, but the safety there is reviewing the code. Running brew install, npm install, pip install, or a binary could all run malicious code too.