by mortenlarsen
1567 days ago
The script can change any time, and maybe even just for some people without leaving a trace. Updating a package in an OS distribution repository requires that it is signed, and spread to all the mirrors (it is unlikely that an attacker controls all of them). This makes it more likely to be discovered and hard to do targeted attacks without leaving a trace.

If it does happen that you are compromised using:

    bash -c "$(curl -fsSL http://gef.blah.cat/sh)"

How will you find out afterwards that this is what happened?

I run local mirrors of everything I use (with snapshots after updating the mirror), so I at least have a history of the software that I ran to do forensics on. I could not do that if I ran scripts directly from the Internet into a shell. For example: Something suddenly trying to connect to the Internet (or doing DNS lookups) from one of my segregated systems might prompt me to investigate.

Even if you are not so "paranoid" as many would call it (I would call it being diligent), you still get the benefit of others being "paranoid". So making sure (via packages, mirrors and signatures) that we all get the same "version" of software is important for security.
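An added example, not part of the comment above and not code from any project it mentions: one way to keep the kind of forensic history the comment describes when a script has to come from the Internet. It saves the script to a file, archives a hash-named copy with a log line, and compares it against a pinned SHA-256 before anything is run. `ARCHIVE_DIR`, the function names and the log format are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: archive and hash-check an installer before it is executed.
# ARCHIVE_DIR and all function names are assumptions of this example.

ARCHIVE_DIR="${ARCHIVE_DIR:-$HOME/.installer-archive}"

sha256_of() {
    # Portable SHA-256: GNU coreutils, or shasum on BSD/macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# archive_and_check FILE SOURCE_URL EXPECTED_SHA256
# Always keeps a content-addressed copy and a log line (the history to do
# forensics on), then returns 0 only if the file matches the pinned hash.
archive_and_check() {
    local file="$1" url="$2" expected="$3" actual
    actual="$(sha256_of "$file")" || return 2
    mkdir -p "$ARCHIVE_DIR" || return 2
    cp -- "$file" "$ARCHIVE_DIR/$actual.sh" || return 2
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$actual" "$url" \
        >> "$ARCHIVE_DIR/history.log"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $url: got $actual" >&2
        return 1
    fi
}

# fetch_vetted URL EXPECTED_SHA256
# Downloads to a file instead of piping into a shell. On success it prints
# the path of the archived copy so it can be read, then run explicitly.
fetch_vetted() {
    local url="$1" expected="$2" tmp rc=0
    tmp="$(mktemp)" || return 2
    if curl -fsSL -o "$tmp" "$url" && archive_and_check "$tmp" "$url" "$expected"; then
        echo "$ARCHIVE_DIR/$expected.sh"
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

A mismatching download is still archived under the hash it actually had, so a script that was changed, or served differently to one client, leaves a copy to compare against what others received.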