

No, it is different, as it adds an entire layer of indirection and unknown to the mix, increasing the risk in the process.




Yes, this is the correct approach from a security perspective.


Please tell me you are not seriously equating a highly sophisticated attack like the SolarWinds compromise with piping curl to bash?


This is a bit like saying crossing the street blindfolded while juggling chainsaws and crossing the street on a pedestrian crossing while the light is red for cars both carry risk. Sure. One’s a terrible idea though.


Oh, the example in the article is the nice version of this attack.
Checking the script as downloaded by wget or curl and then piping curl to bash is still a terrible idea, as you have no guarantee you’ll get the same script in both cases:
It is, see https://github.com/m4tx/curl-bash-attack
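
The point made in the comment above, as an added example that is not part of the thread: download the script once, record the SHA-256 of the copy you reviewed, and execute that same local file only if its digest still matches, so the server never gets a second request to answer differently. The function names `fetch_script`, `sha256_of` and `run_if_pinned` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: fetch once, pin the digest of the reviewed copy,
# then execute those same bytes instead of piping a second download.

# Download URL to a local file over HTTPS only; nothing is executed here.
# usage: fetch_script <url> <dest>
fetch_script() {
    curl --proto '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
# usage: sha256_of <file>
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run FILE only if its digest equals the value recorded at review time.
# Returns 1 on mismatch, 2 if the file cannot be hashed.
# usage: run_if_pinned <file> <expected_sha256>
run_if_pinned() {
    pinned_file=$1
    pinned_expected=$2
    pinned_actual=$(sha256_of "$pinned_file") || return 2
    if [ "$pinned_actual" != "$pinned_expected" ]; then
        echo "digest mismatch for $pinned_file: got $pinned_actual" >&2
        return 1
    fi
    bash "$pinned_file"
}

# Typical flow (URL is a placeholder):
#   fetch_script https://example.invalid/install.sh ./install.sh
#   less ./install.sh                  # review the local copy
#   pin=$(sha256_of ./install.sh)      # pin what you just read
#   run_if_pinned ./install.sh "$pin"  # runs the local file, no refetch
```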