Hacker News new | ask | show | jobs
by Evidlo 1055 days ago
Bad actors can detect if its being piped to bash and send different data. Better to just download the script first if you're concerned.
2 comments
dopidopHN 1053 days ago
That what I meant but I had no idea about piping detection at the same time so thanks for pointing that out, nifty.
link
selcuka 1055 days ago
How can you detect where someone pipes the output of curl output to?
link
pests 1055 days ago
Basically, bash executes the script line by line as it is downloading - pausing the download while that line executes. By sending a sleep() command early in the script you can detect the delay in the next line beind downloaded.

Its a lot more complicated due to TCP buffers and trying to hide output from the user.

Original article below. It is giving me a certificate error though but its available through archives or a cache.

https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...

link
asdfgeoff 1053 days ago
Neat article.

Cached version → http://archive.today/O46rw

link
column 1054 days ago
"This Connection is Invalid. SSL certificate expired."
link
pests 1054 days ago
Yeah I mentioned that. You have to go through a cache or an archive.
link
selcuka 1054 days ago
Amazing, thanks.
link