Hacker News
by whyever 339 days ago
All the attacks you described also apply to downloading and executing a file. I don't think `curl | sh` is worse in this regard.
2 comments
bflesch 339 days ago
With a downloaded file your antivirus will run automated checks on it, you can calculate a hash signature and compare the value with others who also download the file, and you will notice if the file changes after you execute it.
davedx 339 days ago
If you download it first, you can at least eyeball what's been downloaded to check it doesn't start by installing a bitcoin miner.
geysersam 339 days ago
How often do people do that when they install a package from npm, pypi, or other package repository? In practice never.
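The checks bflesch's comment lists for a downloaded file (compare its hash with a known value, notice if the file changes after it runs), as an added example that is not part of the thread. `file_sha256` and `verify_then_run` are hypothetical helper names, and the pinned hash is assumed to come from a source other than the server the script was downloaded from.

```shell
#!/bin/sh
# Added example: run an already-downloaded installer only if it matches a pinned hash.

# Print the SHA-256 of a file, using whichever common tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_SHA256
# Return codes: 0 = ran and file unchanged, 1 = hashing or script failed,
#               2 = hash mismatch (script NOT executed),
#               3 = script ran but the file on disk changed meanwhile.
verify_then_run() {
    script=$1
    expected=$2

    before=$(file_sha256 "$script") || return 1
    if [ "$before" != "$expected" ]; then
        echo "refusing to run $script: sha256 $before != pinned $expected" >&2
        return 2
    fi

    # Execute the exact file that was hashed, not a fresh download.
    sh "$script" || return 1

    # Re-hash afterwards: a script that rewrites itself to hide what it did
    # no longer matches the value recorded before execution.
    after=$(file_sha256 "$script") || return 1
    if [ "$after" != "$before" ]; then
        echo "warning: $script changed while it ran" >&2
        return 3
    fi
    return 0
}

# Command-line use: sh thisfile.sh ./install.sh <pinned-sha256>
if [ "$#" -eq 2 ]; then
    verify_then_run "$1" "$2"
fi
```

A matching hash only shows the file is the one others received; it says nothing about whether the script's contents are benign.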