Hacker News new | ask | show | jobs
by maccard 1810 days ago
Yes, there absolutely should be. It would be a massive improvement if that happened.

It requires a few extra steps to be actually secure. You actually need to verify the hash from a trusted source for it to be actually secure. If the delivery has been tampered with, you need to ensure that the delivery of the hash has also not been tampered with. In practice, codesigning is the solution, but certs are expensive, and impractical for a small project.
1 comments
KronisLV 1810 days ago
How about the hash being something that you calculate locally?

  1. (local) Download the file from the URL.
  2. (local) Review it locally, in a text editor.
  3. (local) Get its hash locally, from the file in your file system.
  4. (SSH) Feed this hash into the fictional tool above.
  5. (SSH) If what curl gets is the same as the file that you've reviewed, it gets piped further into bash, otherwise the execution stops and an error is output.
Of course, that's only applicable to this particular case, where a compromised server could detect that a bash pipe is used and return different file contents. That would only be useful in situations where you want to review it on a local device, such as a desktop and run it on a remote one, such as a server.

Edit: If you want to review it remotely, there's nothing to prevent you from using less or something to view it before manually opening it with Bash. That just requires the discipline to not use one liners that both download and run it, as long as no such tool like the above exisdts.

link
maccard 1809 days ago
I cant believe I'm going to suggest a blockchain but I think what you really want is: - run `cu-sh example.com/questionable.` - this uses `$editor` to let you review the contents (skippable with a command line flag) - generate a hash of your local contents - check said hash against a blockchain to see if everyone else who got it got the same contents as you. - decide from 1 and 2 above whether you actually want to proceed with the install.

You could replace blockchain with checking if it's signed, and the key matches an owner on keybase/github/some other federated identity provider too.

link