by OskarS
778 days ago
Windows and particularly macOS make it difficult to run things that aren't code signed with trusted certificates. Same with packages in Linux package managers. That provides a large level of assurance that the thing you download is verified by a distributor that you presumably trust (otherwise why are you using their software?). Pipe to shell has no such guarantee: if a bad actor either MITMs you or gets access to their server and stuffs something bad in the script, you're out of luck. Basically, if you believe that code signing is a good thing (and I hope we all can agree on that), curl to shell is not great security practice.
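An added example, not part of the comment above: a download-then-verify wrapper that refuses to execute an install script unless its SHA-256 matches a pinned value, which is the check that piping curl into a shell skips. The function names, the demo script and the idea that the digest was obtained out of band are assumptions made for illustration.

```shell
# Added example: check a downloaded installer against a pinned SHA-256
# before running it. All names and sample files here are hypothetical.

sha256_of() {
    # Print the hex SHA-256 of a file, using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_then_run() {
    # $1 = path to the already-downloaded script (never a pipe)
    # $2 = expected digest, assumed to come from a separate trusted channel
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file; refusing to run" >&2
        return 1
    fi
    sh "$file"
}

demo() {
    # Constructed sample: a harmless "installer", then a modified copy.
    dir=$(mktemp -d) || return 2
    printf 'echo installed\n' > "$dir/install.sh"
    pinned=$(sha256_of "$dir/install.sh")
    out=$(verify_then_run "$dir/install.sh" "$pinned") || { rm -rf "$dir"; return 1; }
    # Simulate the server or the connection changing the script afterwards.
    printf 'echo installed; echo extra\n' > "$dir/install.sh"
    if verify_then_run "$dir/install.sh" "$pinned" 2>/dev/null; then
        rm -rf "$dir"; return 1   # a modified script must never run
    fi
    rm -rf "$dir"
    [ "$out" = "installed" ]
}
```

A pinned digest only helps when it was obtained from somewhere other than the server that hosts the script. Verifying a publisher signature over the file is the closer analogue to the code signing the comment describes.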