Comment on A sneaky demonstration of the dangers of curl bash
quick_snail@feddit.nl 4 days ago
a more cautious user might first paste the url into the address bar of their web browser to see what the script looks like before running it.
Wow, I never thought anyone would be that dumb.
Why wouldn’t they just wget it, read it, and then execute it?
axx@slrpnk.net 4 days ago
Oh the example in the article is the nice version if this attack.
Checking the script as downloaded by wget or curl and the piping curl to bash is still a terrible idea, as you have no guarantee you’ll get the same script in both cases: