On 17/06/16 07:59, Azul wrote: > simple as that, > just don't do it. > > https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ >
While this is interesting research I find that it is often irrelevant because you are trusting the server anyways. So if you trust the server enough to run it's software as root you should trust it enough not to swap out the file on you. If you are paranoid curl the script and follow the steps manually.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
